Csaba Ringhofer created IMPALA-14479:
----------------------------------------
Summary: Paimon 1.1.1 triggers CVE-2025-46762 in cve scanner
Key: IMPALA-14479
URL: https://issues.apache.org/jira/browse/IMPALA-14479
Project: IMPALA
Issue Type: Bug
Reporter: Csaba Ringhofer
The current 1.1.1 depends on org.apache.parquet 1.13.1, which triggers our CVE
scan for https://nvd.nist.gov/vuln/detail/cve-2025-46762
This may be a false alert, as the CVE states that the issue was introduced in
Apache Parquet 1.15.0, so I don't understand why do we see it in 1.13.1.
Current Paiomon uses 1.15.1 which has only a partial fix according to the link
above and 1.15.2 would fix it completely.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
