Smith-Cruise opened a new pull request, #3863:
URL: https://github.com/apache/paimon/pull/3863

   | Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
   |---|---|---|---|---|---|---|
   | io.airlift:aircompressor (paimon-bundle-0.8.2.jar) | CVE-2024-36114 | HIGH | fixed | 0.21 | 0.27 | Decompressors can crash the JVM and leak memory content in Aircompressor (https://avd.aquasec.com/nvd/cve-2024-36114) |
   | org.apache.commons:commons-compress (paimon-bundle-0.8.2.jar) | CVE-2024-25710 | HIGH | fixed | 1.22 | 1.26.0 | commons-compress: Denial of service caused by an infinite loop for a corrupted... (https://avd.aquasec.com/nvd/cve-2024-25710) |
   | org.apache.commons:commons-compress (paimon-bundle-0.8.2.jar) | CVE-2024-26308 | HIGH | fixed | 1.22 | 1.26.0 | commons-compress: OutOfMemoryError unpacking broken Pack200 file (https://avd.aquasec.com/nvd/cve-2024-26308) |
   | org.apache.commons:commons-compress (paimon-bundle-0.8.2.jar) | CVE-2023-42503 | MEDIUM | fixed | 1.22 | 1.24.0 | apache-commons-compress: Denial of service via CPU consumption for malformed TAR file (https://avd.aquasec.com/nvd/cve-2023-42503) |
   
   
   ### Purpose
   
   fix it
   
   
   ### Tests
   
   
   ### API and Format
   
   
   ### Documentation
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.