[jira] [Created] (HDFS-16701) Vulnerable with OkhttpClient library of hadoop-client's transitive dependency

Jayabal Manoharan (Jira) Fri, 29 Jul 2022 03:51:05 -0700

Jayabal Manoharan created HDFS-16701:
----------------------------------------


             Summary: Vulnerable with OkhttpClient library of hadoop-client's 
transitive dependency
                 Key: HDFS-16701
                 URL: https://issues.apache.org/jira/browse/HDFS-16701
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: hadoop-client
    Affects Versions: 3.3.3
            Reporter: Jayabal Manoharan


Due to okhttp 2.7.5 dependency of HDFS client 3.3.3,receiving the 
vulnerabilities of
 * OkHttp Cached HTTP / HTTP/2 Headers Non-ASCII Character Handling Remote Dos 
attack
 * OkHttp Non-ASCII ETag Header Handling Remote Dos attack. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (HDFS-16701) Vulnerable with OkhttpClient library of hadoop-client's transitive dependency

Reply via email to