Ahmed Hussein created HADOOP-17885:
--------------------------------------
Summary: Upgrade JSON smart to 1.3.3 on branch-2.10
Key: HADOOP-17885
URL: https://issues.apache.org/jira/browse/HADOOP-17885
Project: Hadoop Common
Issue Type: Bug
Affects Versions: 2.10.1, 2.10.0
Reporter: Ahmed Hussein
Assignee: Ahmed Hussein
Currently branch-2.10 is using JSON Smart 1.3.1 version which is vulnerable to
[link CVE-2021-27568|https://nvd.nist.gov/vuln/detail/CVE-2021-27568].
We can upgrade the version to 1.3.1.
+Description of the vulnerability:+
{quote}An issue was discovered in netplex json-smart-v1 through 2015-10-23 and
json-smart-v2 through 2.4. An exception is thrown from a function, but it is
not caught, as demonstrated by NumberFormatException. When it is not caught, it
may cause programs using the library to crash or expose sensitive
information.{quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
