[
https://issues.apache.org/jira/browse/BEAM-14227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
bala barath updated BEAM-14227:
-------------------------------
Description:
The beam sdk java io kafka uses
{code:java}
org.springframework:spring-expression:4.3.18.RELEASE{code}
which has a transitive dependency of
{code:java}
org.springframework:spring-core:4.3.18.RELEASE{code}
which is affected by the CVE-2022-22965 vulnerability.
References
[https://mvnrepository.com/artifact/org.springframework/spring-expression/4.3.18.RELEASE]
was:
The beam sdk java io kafka uses
{code:java}
org.springframework:spring-expression:4.3.18.RELEASE{code}
which has a transitive dependency of
{code:java}
org.springframework:spring-core:4.3.18.RELEASE{code}
which is affected by the CVE-2022-22965 vulnerability.
References
[https://mvnrepository.com/artifact/org.springframework/spring-expression/4.3.18.RELEASE]
> CVE-2022-22965 vulnerability found in java-io-kafka component
> -------------------------------------------------------------
>
> Key: BEAM-14227
> URL: https://issues.apache.org/jira/browse/BEAM-14227
> Project: Beam
> Issue Type: Bug
> Components: io-java-kafka
> Affects Versions: 2.37.0
> Reporter: bala barath
> Priority: P1
>
> The beam sdk java io kafka uses
> {code:java}
> org.springframework:spring-expression:4.3.18.RELEASE{code}
> which has a transitive dependency of
> {code:java}
> org.springframework:spring-core:4.3.18.RELEASE{code}
> which is affected by the CVE-2022-22965 vulnerability.
>
> References
> [https://mvnrepository.com/artifact/org.springframework/spring-expression/4.3.18.RELEASE]