Ahmed Hussein created HADOOP-17885:
--------------------------------------

             Summary: Upgrade JSON smart to 1.3.3 on branch-2.10
                 Key: HADOOP-17885
                 URL: https://issues.apache.org/jira/browse/HADOOP-17885
             Project: Hadoop Common
          Issue Type: Bug
   Affects Versions: 2.10.1, 2.10.0
            Reporter: Ahmed Hussein
            Assignee: Ahmed Hussein

Currently branch-2.10 is using JSON Smart version 1.3.1, which is vulnerable to [link CVE-2021-27568|https://nvd.nist.gov/vuln/detail/CVE-2021-27568]. We can upgrade the version to 1.3.1.

+Description of the vulnerability:+
{quote}An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.{quote}