ssainz commented on issue #2294:
URL: https://github.com/apache/drill/issues/2294#issuecomment-1465408956

   Hello @jnturton, Hive 3.1.3 is vulnerable to [CVE-2018-21234](https://nvd.nist.gov/vuln/detail/CVE-2018-21234).
   
   Please see the [pom.xml of Hive 3.1.3](https://github.com/apache/hive/blob/rel/release-3.1.3/pom.xml#L178):
   
   ```
   <jodd.version>3.5.2</jodd.version>
   ```
   
   And please see that Jodd version 3.5.2 is still vulnerable to CVE-2018-21234: https://nvd.nist.gov/vuln/detail/CVE-2018-21234
   
   Because Drill -> uses Hive 3.1.3 -> uses Jodd 3.5.2, which is vulnerable, Drill is vulnerable to CVE-2018-21234.
   
   Could you please reopen? Should I create a new defect?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
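
The pom.xml check the comment relies on, as an added example that is not part of the original comment or of Drill's or Hive's code: it resolves `${...}` properties in a POM and lists the pins for one groupId that are older than a given fixed release. The sample POM, the `jodd-core` artifact and the `99.0.0` boundary are constructed placeholders; only the `jodd.version` property line comes from the comment.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM (not Hive's real file); only the property line is from the page.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <jodd.version>3.5.2</jodd.version>
  </properties>
  <dependencyManagement><dependencies>
    <dependency>
      <groupId>org.jodd</groupId>
      <artifactId>jodd-core</artifactId>
      <version>${jodd.version}</version>
    </dependency>
  </dependencies></dependencyManagement>
</project>"""

def version_key(v):
    """Numeric part of a version string as a tuple: '3.5.2' -> (3, 5, 2)."""
    return tuple(int(n) for n in re.findall(r"\d+", v.split("-")[0]))

def pinned_dependencies(pom_text):
    """Return {(groupId, artifactId): version} with ${property} references resolved."""
    root = ET.fromstring(pom_text)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    resolve = lambda s: re.sub(r"\$\{([^}]+)\}",
                               lambda m: props.get(m.group(1), m.group(0)), s)
    deps = {}
    for d in root.iter("{%s}dependency" % NS["m"]):
        version = d.findtext("m:version", default="", namespaces=NS).strip()
        if version:  # entries without <version> inherit it from elsewhere
            key = (d.findtext("m:groupId", namespaces=NS),
                   d.findtext("m:artifactId", namespaces=NS))
            deps[key] = resolve(version)
    return deps

def below_fixed(pom_text, group_id, fixed_in):
    """List (artifactId, version) pins for group_id that are older than fixed_in."""
    return sorted((a, v) for (g, a), v in pinned_dependencies(pom_text).items()
                  if g == group_id and "${" not in v
                  and version_key(v) < version_key(fixed_in))

if __name__ == "__main__":
    # "99.0.0" is a placeholder; take the first fixed release from the advisory.
    print(below_fixed(SAMPLE_POM, "org.jodd", "99.0.0"))
```

A pin in an upstream POM shows what that project declares; the version a downstream build actually resolves can differ through exclusions or overrides, so the same check belongs on the downstream project's resolved dependency list as well.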
