Akshat Mathur created HIVE-27845: ------------------------------------ Summary: Upgrade protobuf to 3.24.4 to fix CVEs Key: HIVE-27845 URL: https://issues.apache.org/jira/browse/HIVE-27845 Project: Hive Issue Type: Improvement Reporter: Akshat Mathur Assignee: Akshat Mathur
Current protobuf-java(3.21.3) has the following CVE Direct vulnerabilities: [CVE-2022-3510|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510] [CVE-2022-3509|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509] [CVE-2022-3171|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171] Vulnerabilities from dependencies: [CVE-2023-2976|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976] [CVE-2020-8908|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908] -- This message was sent by Atlassian Jira (v8.20.10#820010)