XuCongying created GIRAPH-1232:
----------------------------------
Summary: Some dependencies contain CVEs
Key: GIRAPH-1232
URL: https://issues.apache.org/jira/browse/GIRAPH-1232
Project: Giraph
Issue Type: Bug
Reporter: XuCongying
Hi, I have noticed that some library CVEs may be related to your projects. To
prevent the potential risks they may cause, I suggest a library update. Please note
the following details.
Vulnerable Library Version: commons-collections : commons-collections : 3.2.1
CVE ID:
[CVE-2015-6420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6420)
Import Path: giraph-hbase/pom.xml, giraph-dist/pom.xml...(The rest of the 14
paths is hidden.)
Suggested Safe Versions: 20030418.083655, 20031027.000000, 20040102.233541,
20040616, 3.2.2
Vulnerable Library Version: org.apache.hadoop : hadoop-yarn-server-nodemanager : 2.5.1
CVE ID:
[CVE-2016-6811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6811),
[CVE-2014-3627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3627),
[CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029)
Import Path: giraph-block-app/pom.xml, giraph-rexster/giraph-kibble/pom.xml,
giraph-rexster/pom.xml, giraph-rexster/giraph-rexster-io/pom.xml,
giraph-block-app-8/pom.xml, pom.xml, giraph-gora/pom.xml,
giraph-debugger/pom.xml
Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
Vulnerable Library Version: org.apache.hive : hive-exec : 0.11.0
CVE ID:
[CVE-2014-0228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0228),
[CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777),
[CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
Import Path: giraph-hcatalog/pom.xml
Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
Vulnerable Library Version: org.apache.thrift : libthrift : 0.9.0
CVE ID:
[CVE-2018-1320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1320)
Import Path: giraph-hcatalog/pom.xml
Suggested Safe Versions: 0.12.0, 0.13.0
Vulnerable Library Version: org.apache.zookeeper : zookeeper : 3.4.5
CVE ID:
[CVE-2017-5637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5637),
[CVE-2018-8012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8012),
[CVE-2019-0201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0201),
[CVE-2014-0085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0085)
Import Path: giraph-core/pom.xml, giraph-rexster/giraph-rexster-io/pom.xml,
giraph-examples/pom.xml, giraph-gora/pom.xml
Suggested Safe Versions: 3.4.14, 3.5.5, 3.5.6, 3.5.7
Vulnerable Library Version: org.apache.hadoop : hadoop-yarn-common : 2.5.1
CVE ID:
[CVE-2014-3627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3627)
Import Path: giraph-block-app/pom.xml, giraph-rexster/giraph-kibble/pom.xml,
giraph-rexster/pom.xml, giraph-rexster/giraph-rexster-io/pom.xml,
giraph-block-app-8/pom.xml, pom.xml, giraph-gora/pom.xml,
giraph-debugger/pom.xml
Suggested Safe Versions: 2.10.0, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4,
2.6.5, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.8.0, 2.8.1,
2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.9.0, 2.9.1, 2.9.2, 3.0.0, 3.0.0-alpha1,
3.0.0-alpha2, 3.0.0-alpha3, 3.0.0-alpha4, 3.0.0-beta1, 3.0.1, 3.0.2, 3.0.3,
3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.5.1
CVE ID:
[CVE-2016-6811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6811),
[CVE-2017-15713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713),
[CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029),
[CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
Import Path: giraph-block-app/pom.xml, giraph-rexster/giraph-kibble/pom.xml,
giraph-rexster/pom.xml, giraph-rexster/giraph-rexster-io/pom.xml,
giraph-block-app-8/pom.xml, pom.xml, giraph-gora/pom.xml,
giraph-debugger/pom.xml
Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
Vulnerable Library Version: org.apache.hadoop : hadoop-mapreduce-client-core : 2.5.1
CVE ID:
[CVE-2017-3166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3166)
Import Path: giraph-block-app/pom.xml, giraph-rexster/giraph-kibble/pom.xml,
giraph-rexster/pom.xml, giraph-rexster/giraph-rexster-io/pom.xml,
giraph-block-app-8/pom.xml, pom.xml, giraph-gora/pom.xml,
giraph-debugger/pom.xml
Suggested Safe Versions: 2.10.0, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.8.0, 2.8.1,
2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.9.0, 2.9.1, 2.9.2, 3.0.0-alpha4, 3.0.0-beta1,
3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
Vulnerable Library Version: com.google.guava : guava : 21.0
CVE ID:
[CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
Import Path: giraph-hbase/pom.xml, giraph-core/pom.xml,
giraph-hcatalog/pom.xml, giraph-block-app/pom.xml,
giraph-rexster/giraph-rexster-io/pom.xml, giraph-block-app-8/pom.xml,
giraph-accumulo/pom.xml, giraph-examples/pom.xml, giraph-debugger/pom.xml
Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre,
25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre,
27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre,
28.1-android, 28.1-jre, 28.2-android, 28.2-jre
Vulnerable Library Version: commons-httpclient : commons-httpclient : 3.0.1
CVE ID:
[CVE-2014-3577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577),
[CVE-2012-5783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783),
[CVE-2012-6153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153)
Import Path: giraph-hbase/pom.xml, giraph-dist/pom.xml...(The rest of the 14
paths is hidden.)
Suggested Safe Versions: 3.0alpha2