[jira] [Updated] (IMPALA-14479) Paimon 1.1.1 triggers CVE-2025-46762 in cve scanner

Csaba Ringhofer (Jira) Wed, 08 Oct 2025 04:08:04 -0700


     [ 
https://issues.apache.org/jira/browse/IMPALA-14479?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Csaba Ringhofer updated IMPALA-14479:
-------------------------------------
    Labels: paimon  (was: )

> Paimon 1.1.1 triggers  CVE-2025-46762 in cve scanner
> ----------------------------------------------------
>
>                 Key: IMPALA-14479
>                 URL: https://issues.apache.org/jira/browse/IMPALA-14479
>             Project: IMPALA
>          Issue Type: Bug
>            Reporter: Csaba Ringhofer
>            Priority: Major
>              Labels: paimon
>
> The current 1.1.1 depends on org.apache.parquet 1.13.1, which triggers our 
> CVE scan for https://nvd.nist.gov/vuln/detail/cve-2025-46762
> This may be a false alert, as the CVE states that the issue was introduced in 
> Apache Parquet 1.15.0, so I don't understand why do we see it in 1.13.1. 
> Current Paiomon uses 1.15.1 which has only a partial fix according to the 
> link above and 1.15.2 would fix it completely.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Updated] (IMPALA-14479) Paimon 1.1.1 triggers CVE-2025-46762 in cve scanner

Reply via email to