[jira] [Created] (HIVE-27845) Upgrade protobuf to 3.24.4 to fix CVEs

Akshat Mathur created HIVE-27845:
------------------------------------

             Summary: Upgrade protobuf to 3.24.4 to fix CVEs
                 Key: HIVE-27845
                 URL: https://issues.apache.org/jira/browse/HIVE-27845
             Project: Hive
          Issue Type: Improvement
            Reporter: Akshat Mathur
            Assignee: Akshat Mathur



Current protobuf-java(3.21.3) has the following CVE

Direct vulnerabilities:
[CVE-2022-3510|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510]
[CVE-2022-3509|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509]
[CVE-2022-3171|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171]

Vulnerabilities from dependencies:
[CVE-2023-2976|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976]
[CVE-2020-8908|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (HIVE-27845) Upgrade protobuf to 3.24.4 to fix CVEs

Reply via email to