ssainz commented on issue #2294: URL: https://github.com/apache/drill/issues/2294#issuecomment-1465408956
Hello @jnturton , Hive 3.1.3 is vulnerable to [CVE-2018-21234](https://nvd.nist.gov/vuln/detail/CVE-2018-21234). Please see the [pom.xml of Hive 3.1.3](https://github.com/apache/hive/blob/rel/release-3.1.3/pom.xml#L178): ``` <jodd.version>3.5.2</jodd.version> ``` And, please see Jodd version 3.5.2 is still vulnerable to CVE-2018-21234: https://nvd.nist.gov/vuln/detail/CVE-2018-21234 Because Drill -> uses Hive 3.1.3 -> uses Jodd 3.5.2 that is vulnerable, thus, Drill is vulnerable to CVE-2018-21234. Could you please reopen? Should I create a new defect? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@drill.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
