lijunbin created DERBY-7135:
-------------------------------
Summary: Does derby 10.14.2.0 contain the CVE-2020-13949
vulnerability?
Key: DERBY-7135
URL: https://issues.apache.org/jira/browse/DERBY-7135
Project: Derby
Issue Type: Bug
Affects Versions: 10.14.2.0
Reporter: lijunbin
Attachments: Snipaste_2022-03-22_00-43-37.png
Use a security tool to scan the derby 10.14.2.0 installation package. *The
result shows that derbynet.jar contains the CVE-2020-13949 vulnerability.* The
vulnerability is related to Hive and Thrift, but no reference is found in the
derby 10.14.2.0 source code.
*Is it a false positive? Which of the following application scenarios will be
affected if the vulnerability is involved?*
For details about the scanning result, see the attachment.
Vulnerability Details:
[https://nvd.nist.gov/vuln/detail/CVE-2020-13949]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
