[ https://issues.apache.org/jira/browse/ZOOKEEPER-3677?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Patrick D. Hunt resolved ZOOKEEPER-3677.
----------------------------------------
Fix Version/s: 3.6.1, 3.7.0, 3.5.7
Hadoop Flags: Reviewed
Resolution: Fixed
Committed the change to branches 3.5/3.6/master. Thanks [~eolivelli]!
> owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization
> of untrusted data in SocketServer
> -------------------------------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-3677
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3677
> Project: ZooKeeper
> Issue Type: Bug
> Components: security
> Reporter: Patrick D. Hunt
> Assignee: Enrico Olivelli
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.5.7, 3.7.0, 3.6.1
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Doesn't look like this impacts us (we don't use SocketServer); however, we
> should figure out what to do as the OWASP checker is failing and the rating
> is quite high (9.8 - bound to get interest).
> https://nvd.nist.gov/vuln/detail/CVE-2019-17571
> Perhaps ZOOKEEPER-2342 should be prioritized.