[jira] [Commented] (KYLIN-5790) Security of kafka-clients

2024-04-09 Thread ASF subversion and git services (Jira)


[ https://issues.apache.org/jira/browse/KYLIN-5790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835452#comment-17835452 ]

ASF subversion and git services commented on KYLIN-5790:


Commit 2695c5da83d9ccfb2a3177b9947e6eda4e6c1715 in kylin's branch refs/heads/kylin5 from sibingzhang
[ https://gitbox.apache.org/repos/asf?p=kylin.git;h=2695c5da83 ]

KYLIN-5790 Security of kafka-clients

Co-authored-by: sibing.zhang 


> Security of kafka-clients
> -
>
> Key: KYLIN-5790
> URL: https://issues.apache.org/jira/browse/KYLIN-5790
> Project: Kylin
> Issue Type: Bug
> Components: Query Engine
> Affects Versions: 5.0-beta
> Reporter: pengfei.zhan
> Assignee: pengfei.zhan
> Priority: Major
> Fix For: 5.0-beta
>
>
> |high (8.8)|[CVE-2023-25194|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25194] *(new)*|Deserialization of Untrusted Data|maven:org.apache.kafka:kafka-clients@2.8.2|2023-02-07|2023-02-09|[Deserialization of Untrusted Data in org.apache.kafka:kafka-clients \| CVE-2023-25194 \| Snyk|https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKAFKA-3317161]|
>
> Note: The vulnerability had only a Snyk rating: medium - Snyk (5.6), now the NVD rating is high (8.8).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[jira] [Commented] (KYLIN-5790) Security of kafka-clients

2024-04-09 Thread pengfei.zhan (Jira)


[ https://issues.apache.org/jira/browse/KYLIN-5790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17835420#comment-17835420 ]

pengfei.zhan commented on KYLIN-5790:
-

h1. Design

Please refer to the description. Remove some usage from Kylin.
