[jira] [Updated] (BEAM-14227) CVE-2022-22965 vulnerability found in java-io-kafka component

Wed, 06 Apr 2022 13:27:05 -0700 


     [ 
https://issues.apache.org/jira/browse/BEAM-14227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Chamikara Madhusanka Jayalath updated BEAM-14227:
-------------------------------------------------
    Status: Resolved  (was: Resolved)

> CVE-2022-22965 vulnerability found in java-io-kafka component
> -------------------------------------------------------------
>
>                 Key: BEAM-14227
>                 URL: https://issues.apache.org/jira/browse/BEAM-14227
>             Project: Beam
>          Issue Type: Bug
>          Components: io-java-kafka
>    Affects Versions: 2.37.0
>            Reporter: bala barath
>            Priority: P1
>             Fix For: 2.39.0
>
>
> The beam sdk java io kafka uses 
> {code:java}
> org.springframework:spring-expression:4.3.18.RELEASE{code}
> which has a transitive dependency of 
> {code:java}
> org.springframework:spring-core:4.3.18.RELEASE{code}
> which is affected by the CVE-2022-22965 vulnerability.
>  
> References
> [https://mvnrepository.com/artifact/org.springframework/spring-expression/4.3.18.RELEASE]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to