[jira] [Created] (HDFS-15333) Vulnerability fixes need for jackson-databing on "HTrace"

Hridesh (Jira) Tue, 05 May 2020 05:06:32 -0700

Hridesh created HDFS-15333:
------------------------------

             Summary: Vulnerability fixes need for jackson-databing on "HTrace"
                 Key: HDFS-15333
                 URL: https://issues.apache.org/jira/browse/HDFS-15333
             Project: Hadoop HDFS
          Issue Type: Improvement
          Components: security
    Affects Versions: 3.2.1
         Environment: [^hdfs_imagescan_result.csv]
            Reporter: Hridesh
         Attachments: hdfs_imagescan_result.csv


HDFS dependent library "htrace-core4-4.1.0-incubating" build with jackson 
2.4.0. POM URL: 
[https://github.com/apache/incubator-retired-htrace/blob/e12b5fcfaafa56d676fee5f873da01df6b61dac9/pom.xml.]

 

Jackson version < 2.9.1 has below list of vulnerabilities:

CVE-2019-14379

CVE-2019-16335

CVE-2019-17531

CVE-2019-14540

CVE-2018-11307

CVE-2019-12402

CVE-2018-7489

CVE-2018-12022

CVE-2019-14439

CVE-2017-15095

CVE-2017-7525

CVE-2017-17485

 

Attaching image scan result file.

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org

[jira] [Created] (HDFS-15333) Vulnerability fixes need for jackson-databing on "HTrace"

Reply via email to