Indranil Roy Chowdhury created STORM-3852:
---------------------------------------------
Summary: Storm 1.2.4 Vulnerability in Grype Scan
Key: STORM-3852
URL: https://issues.apache.org/jira/browse/STORM-3852
Project: Apache Storm
Issue Type: Improvement
Affects Versions: 1.2.4
Reporter: Indranil Roy Chowdhury
Attachments: Storm 1.2.4 VA Analysis.xls
[Grype|https://github.com/anchore/grype] scan done on the Storm 1.2.4 distribution
identifies several vulnerabilities due to dependent jars of several modules.
Please refer to the attached xls workbook for a detailed listing.
A summary of all CVEs is as below. Mitigating critical and high vulnerabilities
is much needed for production deployment of Storm. Please investigate and
advise how the critical and high defects can be addressed at minimum.
||Severity||Count||
|Critical|63|
|High|122|
|Medium|43|
|Low|7|
*NOTE*: Over 90% of the reported issues originate from artifacts in the Storm
external folder. Without considering artifacts in the external folder, the
reported summary is as below.
||Severity||Count||
|Critical|14|
|High|31|
|Medium|24|
|Low|4|
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
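The two severity tables in the issue can be regenerated directly from Grype's JSON output instead of the xls workbook. The script below is an added example, not part of the issue or of the Storm project; it assumes Grype was run as `grype dir:<storm-dist> -o json`, that artifacts under the external folder have paths beginning with `external/`, and it also tallies unique CVE IDs, since the same CVE matched in several jars inflates a per-match count.

```python
import json
from collections import Counter

# Constructed sample of Grype JSON output (as produced by `grype dir:... -o json`),
# trimmed to the fields this script reads. CVE ids are placeholders, not real findings.
SAMPLE_GRYPE_JSON = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-EXAMPLE-0001", "severity": "Critical"},
         "artifact": {"name": "lib-a", "locations": [{"path": "/external/storm-x/lib-a.jar"}]}},
        {"vulnerability": {"id": "CVE-EXAMPLE-0001", "severity": "Critical"},
         "artifact": {"name": "lib-a", "locations": [{"path": "/lib/lib-a.jar"}]}},
        {"vulnerability": {"id": "CVE-EXAMPLE-0002", "severity": "High"},
         "artifact": {"name": "lib-b", "locations": [{"path": "/external/storm-y/lib-b.jar"}]}},
        {"vulnerability": {"id": "CVE-EXAMPLE-0003", "severity": "Medium"},
         "artifact": {"name": "lib-c", "locations": [{"path": "/lib/lib-c.jar"}]}},
    ]
})

EXTERNAL_PREFIX = "external/"  # assumption: layout of the scanned distribution


def in_external(match):
    """True when every location of the matched artifact lies under the external folder."""
    locs = match["artifact"].get("locations", [])
    return bool(locs) and all(
        loc.get("path", "").lstrip("/").startswith(EXTERNAL_PREFIX) for loc in locs
    )


def summarize(report_json, exclude_external=False):
    """Return (matches per severity, unique CVE ids per severity) as plain dicts."""
    matches = json.loads(report_json)["matches"]
    if exclude_external:
        matches = [m for m in matches if not in_external(m)]
    by_match = Counter(m["vulnerability"]["severity"] for m in matches)
    # One CVE hitting several jars counts once here; first-seen severity wins.
    seen = {}
    for m in matches:
        seen.setdefault(m["vulnerability"]["id"], m["vulnerability"]["severity"])
    return dict(by_match), dict(Counter(seen.values()))


def jira_table(counts):
    """Render a severity/count table in the Jira wiki markup used in the issue."""
    rows = ["||Severity||Count||"]
    for sev in ("Critical", "High", "Medium", "Low"):
        rows.append(f"|{sev}|{counts.get(sev, 0)}|")
    return "\n".join(rows)


if __name__ == "__main__":
    for label, excl in (("All artifacts", False), ("Without external folder", True)):
        by_match, by_cve = summarize(SAMPLE_GRYPE_JSON, exclude_external=excl)
        print(f"{label} (matches):\n{jira_table(by_match)}")
        print(f"{label} (unique CVEs):\n{jira_table(by_cve)}\n")
```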