[ https://issues.apache.org/jira/browse/KYLIN-4394?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

XuCongying updated KYLIN-4394:
------------------------------
    Description: 
I noticed that some of your libraries contain CVEs. I suggest updating their 
versions to increase the security of your project. The following are the 
details.
 * *Vulnerable Library Version:* org.scala-lang : scala-compiler : 2.11.0 *CVE 
ID:* 
[CVE-2017-15288|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15288] 
*Import Path:* engine-flink/pom.xml, kylin-it/pom.xml, engine-spark/pom.xml 
*Suggested Safe Versions:* 2.11.12, 2.12.10, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 
2.12.8, 2.12.9, 2.13.0, 2.13.0-M1, 2.13.0-M2, 2.13.0-M3, 2.13.0-M3-f73b161, 
2.13.0-M4, 2.13.0-M4-pre-20d3c21, 2.13.0-M5, 2.13.0-M5-1775dba, 
2.13.0-M5-5eef812, 2.13.0-M5-6e0cba7, 2.13.0-RC1, 2.13.0-RC2, 2.13.0-RC3, 2.13.1

 * *Vulnerable Library Version:* org.apache.tomcat : tomcat-catalina : 7.0.91 
*CVE ID:* 
[CVE-2016-8735|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735], 
[CVE-2019-0232|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0232], 
[CVE-2016-6794|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794], 
[CVE-2016-6816|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816], 
[CVE-2016-8745|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745], 
[CVE-2019-17563|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563] 
*Import Path:* tomcat-ext/pom.xml, server/pom.xml, server-base/pom.xml 
*Suggested Safe Versions:* 10.0.0-M1, 7.0.100, 9.0.30, 9.0.31

 * *Vulnerable Library Version:* com.h2database : h2 : 1.4.196 *CVE ID:* 
[CVE-2018-10054|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054], 
[CVE-2018-14335|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335] 
*Import Path:* server/pom.xml, kylin-it/pom.xml, source-jdbc/pom.xml, 
source-hive/pom.xml, datasource-sdk/pom.xml *Suggested Safe Versions:* 1.4.198, 
1.4.199, 1.4.200

 * *Vulnerable Library Version:* com.google.guava : guava : 14.0 *CVE ID:* 
[CVE-2018-10237|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237] 
*Import Path:* core-storage/pom.xml, stream-receiver/pom.xml, server/pom.xml, 
core-cube/pom.xml, core-metadata/pom.xml, jdbc/pom.xml, tool-assembly/pom.xml, 
core-metrics/pom.xml *Suggested Safe Versions:* 24.1.1-android, 24.1.1-jre, 
25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 
27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 
28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre

 * *Vulnerable Library Version:* org.apache.hive.hcatalog : hive-hcatalog-core 
: 1.2.1 *CVE ID:* 
[CVE-2015-7521|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521] 
*Import Path:* metrics-reporter-hive/pom.xml, assembly/pom.xml, server/pom.xml, 
kylin-it/pom.xml, source-jdbc/pom.xml, source-hive/pom.xml, server-base/pom.xml 
*Suggested Safe Versions:* 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 
2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2

 * *Vulnerable Library Version:* org.apache.spark : spark-core_2.11 : 2.3.2 
*CVE ID:* 
[CVE-2017-7678|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678], 
[CVE-2018-3826|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3826], 
[CVE-2018-11770|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11770], 
[CVE-2019-10099|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10099] 
*Import Path:* server/pom.xml, kylin-it/pom.xml, engine-spark/pom.xml, 
storage-hbase/pom.xml *Suggested Safe Versions:* 2.4.5

 * *Vulnerable Library Version:* org.apache.kafka : kafka_2.11 : 1.0.0 *CVE 
ID:* 
[CVE-2018-1288|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288], 
[CVE-2019-17196|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196] 
*Import Path:* assembly/pom.xml, source-kafka/pom.xml, kylin-it/pom.xml, 
stream-source-kafka/pom.xml, metrics-reporter-kafka/pom.xml *Suggested Safe 
Versions:* 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0

 * *Vulnerable Library Version:* org.apache.hive : hive-jdbc : 1.2.1 *CVE ID:* 
[CVE-2016-3083|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083], 
[CVE-2015-7521|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521], 
[CVE-2018-1282|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282] 
*Import Path:* server/pom.xml, source-jdbc/pom.xml, source-hive/pom.xml 
*Suggested Safe Versions:* 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 
3.1.2

 * *Vulnerable Library Version:* org.apache.hadoop : hadoop-hdfs : 2.7.1 *CVE 
ID:* 
[CVE-2016-5001|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5001], 
[CVE-2018-11768|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768] 
*Import Path:* metrics-reporter-hive/pom.xml, assembly/pom.xml, 
stream-core/pom.xml, stream-receiver/pom.xml, server/pom.xml, kylin-it/pom.xml, 
engine-mr/pom.xml, storage-hbase/pom.xml *Suggested Safe Versions:* 2.10.0, 
2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1

 * *Vulnerable Library Version:* org.springframework : spring-core : 
4.3.10.RELEASE *CVE ID:* 
[CVE-2018-1272|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1272] 
*Import Path:* tool/pom.xml *Suggested Safe Versions:* 4.3.15.RELEASE, 
4.3.16.RELEASE, 4.3.17.RELEASE, 4.3.18.RELEASE, 4.3.19.RELEASE, 4.3.20.RELEASE, 
4.3.21.RELEASE, 4.3.22.RELEASE, 4.3.23.RELEASE, 4.3.24.RELEASE, 4.3.25.RELEASE, 
4.3.26.RELEASE, 5.0.10.RELEASE, 5.0.11.RELEASE, 5.0.12.RELEASE, 5.0.13.RELEASE, 
5.0.14.RELEASE, 5.0.15.RELEASE, 5.0.16.RELEASE, 5.0.5.RELEASE, 5.0.6.RELEASE, 
5.0.7.RELEASE, 5.0.8.RELEASE, 5.0.9.RELEASE, 5.1.0.RELEASE, 5.1.1.RELEASE, 
5.1.10.RELEASE, 5.1.11.RELEASE, 5.1.12.RELEASE, 5.1.13.RELEASE, 5.1.2.RELEASE, 
5.1.3.RELEASE, 5.1.4.RELEASE, 5.1.5.RELEASE, 5.1.6.RELEASE, 5.1.7.RELEASE, 
5.1.8.RELEASE, 5.1.9.RELEASE, 5.2.0.RELEASE, 5.2.1.RELEASE, 5.2.2.RELEASE, 
5.2.3.RELEASE

 * *Vulnerable Library Version:* com.fasterxml.jackson.core : jackson-databind 
: 2.9.5 *CVE ID:* 
[CVE-2019-16335|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335], 
[CVE-2019-12814|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814], 
[CVE-2018-19362|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362], 
[CVE-2018-19360|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360], 
[CVE-2019-14439|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439], 
[CVE-2019-16943|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943], 
[CVE-2019-14379|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379], 
[CVE-2019-14540|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540], 
[CVE-2019-17267|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267], 
[CVE-2018-12023|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023], 
[CVE-2020-8840|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840], 
[CVE-2019-20330|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330], 
[CVE-2019-12384|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384], 
[CVE-2019-12086|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086], 
[CVE-2018-14720|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720], 
[CVE-2018-14721|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721], 
[CVE-2018-14719|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719], 
[CVE-2019-17531|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531], 
[CVE-2018-14718|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718], 
[CVE-2018-11307|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307], 
[CVE-2018-19361|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361], 
[CVE-2019-16942|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942] 
*Import Path:* core-common/pom.xml, stream-receiver/pom.xml *Suggested Safe 
Versions:* 2.10.0, 2.10.1, 2.10.2, 2.9.10.3

 * *Vulnerable Library Version:* org.springframework.security : 
spring-security-core : 4.2.3.RELEASE *CVE ID:* 
[CVE-2019-3795|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3795], 
[CVE-2019-11272|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11272] 
*Import Path:* stream-receiver/pom.xml *Suggested Safe Versions:* 
4.2.13.RELEASE, 4.2.14.RELEASE, 5.0.12.RELEASE, 5.0.13.RELEASE, 5.0.14.RELEASE, 
5.1.5.RELEASE, 5.1.6.RELEASE, 5.1.7.RELEASE, 5.1.8.RELEASE, 5.2.0.RELEASE, 
5.2.1.RELEASE, 5.2.2.RELEASE

 * *Vulnerable Library Version:* org.apache.hadoop : hadoop-common : 2.7.1 *CVE 
ID:* 
[CVE-2016-5393|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5393], 
[CVE-2018-8009|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009], 
[CVE-2016-6811|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6811], 
[CVE-2017-15718|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15718], 
[CVE-2016-3086|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3086], 
[CVE-2017-15713|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713], 
[CVE-2018-8029|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029] 
*Import Path:* core-storage/pom.xml, tomcat-ext/pom.xml...(The rest of the 33 
paths is hidden.) *Suggested Safe Versions:* 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

 * *Vulnerable Library Version:* org.apache.httpcomponents : httpclient : 4.2.5 
*CVE ID:* 
[CVE-2014-3577|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577], 
[CVE-2015-5262|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5262] 
*Import Path:* core-common/pom.xml, jdbc/pom.xml *Suggested Safe Versions:* 
4.3.6, 4.4, 4.4-alpha1, 4.4-beta1, 4.4.1, 4.5, 4.5.1, 4.5.10, 4.5.11, 4.5.2, 
4.5.3, 4.5.4, 4.5.5, 4.5.6, 4.5.7, 4.5.8, 4.5.9

 * *Vulnerable Library Version:* org.springframework : spring-webmvc : 
4.3.10.RELEASE *CVE ID:* 
[CVE-2018-15756|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756], 
[CVE-2018-1271|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1271], 
[CVE-2018-1199|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1199] 
*Import Path:* stream-receiver/pom.xml, server-base/pom.xml *Suggested Safe 
Versions:* 4.3.20.RELEASE, 4.3.21.RELEASE, 4.3.22.RELEASE, 4.3.23.RELEASE, 
4.3.24.RELEASE, 4.3.25.RELEASE, 4.3.26.RELEASE, 5.0.16.RELEASE, 5.1.13.RELEASE, 
5.2.3.RELEASE

 * *Vulnerable Library Version:* org.apache.hadoop : 
hadoop-mapreduce-client-core : 2.7.1 *CVE ID:* 
[CVE-2017-3166|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3166] 
*Import Path:* engine-flink/pom.xml, server/pom.xml, kylin-it/pom.xml, 
engine-mr/pom.xml *Suggested Safe Versions:* 2.10.0, 2.7.4, 2.7.5, 2.7.6, 
2.7.7, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.9.0, 2.9.1, 2.9.2, 
3.0.0-alpha4, 3.0.0-beta1, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 
3.2.0, 3.2.1

 * *Vulnerable Library Version:* org.apache.commons : commons-compress : 1.18 
*CVE ID:* 
[CVE-2019-12402|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402] 
*Import Path:* core-common/pom.xml *Suggested Safe Versions:* 1.19, 1.20

 * *Vulnerable Library Version:* org.eclipse.jetty : jetty-server : 
9.3.22.v20171030 *CVE ID:* 
[CVE-2017-7656|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656], 
[CVE-2019-10247|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247], 
[CVE-2017-7657|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657], 
[CVE-2017-7658|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658], 
[CVE-2018-12536|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12536] 
*Import Path:* stream-receiver/pom.xml, server/pom.xml, server-base/pom.xml 
*Suggested Safe Versions:* 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418, 
9.4.18.v20190429, 9.4.19.v20190610, 9.4.20.v20190813, 9.4.24.v20191120, 
9.4.25.v20191220, 9.4.26.v20200117

 * *Vulnerable Library Version:* mysql : mysql-connector-java : 5.1.8 *CVE ID:* 
[CVE-2019-2692|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2692], 
[CVE-2017-3523|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3523], 
[CVE-2017-3589|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589] 
*Import Path:* core-common/pom.xml, server/pom.xml, kylin-it/pom.xml *Suggested 
Safe Versions:* 8.0.16, 8.0.17, 8.0.18, 8.0.19

 * *Vulnerable Library Version:* org.postgresql : postgresql : 42.1.1 *CVE ID:* 
[CVE-2018-10936|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10936] 
*Import Path:* datasource-sdk/pom.xml *Suggested Safe Versions:* 42.2.10, 
42.2.10.jre6, 42.2.10.jre7, 42.2.5, 42.2.5.jre6, 42.2.5.jre7, 42.2.6, 
42.2.6.jre6, 42.2.6.jre7, 42.2.7, 42.2.7.jre6, 42.2.7.jre7, 42.2.8, 
42.2.8.jre6, 42.2.8.jre7, 42.2.9, 42.2.9.jre6, 42.2.9.jre7

 * *Vulnerable Library Version:* xerces : xercesImpl : 2.11.0 *CVE ID:* 
[CVE-2012-0881|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881], 
[CVE-2013-4002|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002] 
*Import Path:* kylin-it/pom.xml *Suggested Safe Versions:* 2.12.0

  was:
Hi, I have noticed that some library CVEs may be related to your projects. To 
prevent potential risk it may cause, I suggest a library update. See below for 
more details:
 
Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-streaming 
: 1.0.0
  CVE ID: 
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
  Import Path: flume-ng-sinks/flume-hive-sink/pom.xml
  Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 
2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
 
Vulnerable Library Version: com.google.guava : guava : 18.0
  CVE ID: 
[CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
  Import Path: flume-ng-sinks/flume-http-sink/pom.xml
  Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 
25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 
27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 
28.1-android, 28.1-jre, 28.2-android, 28.2-jre
 
Vulnerable Library Version: com.google.guava : guava : 11.0.2
  CVE ID: 
[CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
  Import Path: flume-ng-auth/pom.xml, flume-ng-core/pom.xml...(The rest of the 
11 paths is hidden.)
  Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 
25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 
27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 
28.1-android, 28.1-jre, 28.2-android, 28.2-jre
 
Vulnerable Library Version: org.apache.hive : hive-exec : 1.0.0
  CVE ID: 
[CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777),
 [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), 
[CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
  Import Path: flume-ng-sinks/flume-dataset-sink/pom.xml
  Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
 
Vulnerable Library Version: org.eclipse.jetty : jetty-util : 9.4.6.v20170531
  CVE ID: 
[CVE-2017-9735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9735), 
[CVE-2019-10246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10246),
 
[CVE-2019-10241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241),
 [CVE-2018-12536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12536)
  Import Path: flume-ng-core/pom.xml
  Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418, 
9.4.18.v20190429, 9.4.19.v20190610, 9.4.20.v20190813, 9.4.21.v20190926, 
9.4.22.v20191022, 9.4.23.v20191118, 9.4.24.v20191120, 9.4.25.v20191220, 
9.4.26.v20200117

 Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 2.0.1
  CVE ID: 
[CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
  Import Path: flume-ng-sources/flume-kafka-source/pom.xml, 
flume-ng-sources/flume-kafka-source/pom.xml, 
flume-ng-channels/flume-kafka-channel/pom.xml, 
flume-shared/flume-shared-kafka-test/pom.xml, 
flume-ng-sinks/flume-ng-kafka-sink/pom.xml
  Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0

 Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.9.0
  CVE ID: 
[CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
  Import Path: flume-ng-sinks/flume-hdfs-sink/pom.xml
  Suggested Safe Versions: 2.10.0, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1

 Vulnerable Library Version: org.eclipse.jetty : jetty-server : 9.4.6.v20170531
  CVE ID: 
[CVE-2019-10247](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247),
 [CVE-2017-7658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658), 
[CVE-2017-7656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656), 
[CVE-2017-7657](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657), 
[CVE-2018-12538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12538),
 [CVE-2018-12536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12536)
  Import Path: flume-ng-core/pom.xml
  Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418, 
9.4.18.v20190429, 9.4.19.v20190610, 9.4.20.v20190813, 9.4.24.v20191120, 
9.4.25.v20191220, 9.4.26.v20200117

 Vulnerable Library Version: org.apache.hive : hive-cli : 1.0.0
  CVE ID: 
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
  Import Path: flume-ng-sinks/flume-hive-sink/pom.xml
  Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 
2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2

 Vulnerable Library Version: org.apache.zookeeper : zookeeper : 3.4.5
  CVE ID: 
[CVE-2017-5637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5637), 
[CVE-2018-8012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8012), 
[CVE-2019-0201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0201), 
[CVE-2014-0085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0085)
  Import Path: flume-ng-sources/flume-kafka-source/pom.xml, 
flume-ng-sinks/flume-ng-hbase-sink/pom.xml, 
flume-ng-sinks/flume-ng-hbase2-sink/pom.xml
  Suggested Safe Versions: 3.4.14, 3.5.5, 3.5.6, 3.5.7

 Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.9.0
  CVE ID: 
[CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029), 
[CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
  Import Path: flume-ng-auth/pom.xml, 
flume-ng-configfilters/flume-ng-hadoop-credential-store-config-filter/pom.xml, 
flume-ng-tests/pom.xml, flume-ng-sinks/flume-ng-hbase-sink/pom.xml, 
flume-ng-sinks/flume-dataset-sink/pom.xml, 
flume-ng-sinks/flume-hdfs-sink/pom.xml, 
flume-ng-sinks/flume-ng-kudu-sink/pom.xml, 
flume-ng-sinks/flume-hive-sink/pom.xml, 
flume-ng-sinks/flume-ng-hbase2-sink/pom.xml
  Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

 Vulnerable Library Version: org.apache.mina : mina-core : 2.0.4
  CVE ID: 
[CVE-2019-0231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0231)
  Import Path: flume-ng-core/pom.xml
  Suggested Safe Versions: 2.0.21, 2.1.2, 2.1.3, 3.0.0-M1, 3.0.0-M2

 Vulnerable Library Version: org.apache.hbase : hbase-client : 1.0.0
  CVE ID: 
[CVE-2015-1836](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1836)
  Import Path: flume-ng-sinks/flume-ng-hbase-sink/pom.xml, 
flume-ng-sinks/flume-ng-hbase-sink/pom.xml, 
flume-ng-sinks/flume-ng-hbase2-sink/pom.xml
  Suggested Safe Versions: 1.0.1.1, 1.0.2, 1.0.3, 1.1.0.1, 1.1.1, 1.1.10, 
1.1.11, 1.1.12, 1.1.13, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 
1.2.0, 1.2.1, 1.2.10, 1.2.11, 1.2.12, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 
1.2.6.1, 1.2.7, 1.2.8, 1.2.9, 1.3.0, 1.3.1, 1.3.2, 1.3.2.1, 1.3.3, 1.3.4, 
1.3.5, 1.3.6, 1.4.0, 1.4.1, 1.4.10, 1.4.11, 1.4.12, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 
1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.5.0, 2.0.0, 2.0.0-alpha-1, 2.0.0-alpha2, 
2.0.0-alpha3, 2.0.0-alpha4, 2.0.0-beta-1, 2.0.0-beta-2, 2.0.1, 2.0.2, 2.0.3, 
2.0.4, 2.0.5, 2.0.6, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 
2.1.8, 2.1.9, 2.2.0, 2.2.1, 2.2.2, 2.2.3

 Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-core : 
1.0.0
  CVE ID: 
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
  Import Path: flume-ng-sinks/flume-hive-sink/pom.xml
  Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 
2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2

 Vulnerable Library Version: org.elasticsearch : elasticsearch : 0.90.1
  CVE ID: 
[CVE-2015-5531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5531), 
[CVE-2014-3120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3120), 
[CVE-2015-1427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1427), 
[CVE-2015-3337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3337), 
[CVE-2014-6439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6439)
  Import Path: flume-ng-sinks/flume-ng-elasticsearch-sink/pom.xml
  Suggested Safe Versions: 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 
1.7.5, 1.7.6, 2.0.0, 2.0.0-beta1, 2.0.0-beta2, 2.0.0-rc1, 2.0.1, 2.0.2, 2.1.0, 
2.1.1, 2.1.2, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 
2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 6.8.4, 6.8.5, 6.8.6, 7.4.0, 
7.4.1, 7.4.2, 7.5.0, 7.5.1, 7.5.2, 7.6.0

 Vulnerable Library Version: org.apache.hive : hive-metastore : 1.0.0
  CVE ID: 
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
  Import Path: flume-ng-sinks/flume-dataset-sink/pom.xml
  Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 
2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2

 Vulnerable Library Version: xerces : xercesImpl : 2.9.1
  CVE ID: 
[CVE-2012-0881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881), 
[CVE-2013-4002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002)
  Import Path: flume-ng-sinks/flume-hive-sink/pom.xml
  Suggested Safe Versions: 2.12.0


        Summary: There are several CVEs in the project dependencies (was: CVEs in the library dependencies)

> There are several CVEs in the project dependencies
> --------------------------------------------------
>
>                 Key: KYLIN-4394
>                 URL: https://issues.apache.org/jira/browse/KYLIN-4394
>             Project: Kylin
>          Issue Type: Bug
>          Components: Security
>            Reporter: XuCongying
>            Assignee: Yaqian Zhang
>            Priority: Major
>



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
