[
https://issues.apache.org/jira/browse/HDFS-15333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hridesh updated HDFS-15333:
---------------------------
Summary: Vulnerability fixes need for jackson-databinding HDFS dependency
library (was: Vulnerability fixes need for jackson-databinding on "HTrace")
> Vulnerability fixes need for jackson-databinding HDFS dependency library
> ------------------------------------------------------------------------
>
> Key: HDFS-15333
> URL: https://issues.apache.org/jira/browse/HDFS-15333
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.2.1
> Environment: [^hdfs_imagescan_result.csv]
> Reporter: Hridesh
> Priority: Critical
> Attachments: hdfs_imagescan_result.csv
>
>
> HDFS dependent library "htrace-core4-4.1.0-incubating" build with jackson
> 2.4.0. POM URL:
> [https://github.com/apache/incubator-retired-htrace/blob/e12b5fcfaafa56d676fee5f873da01df6b61dac9/pom.xml.]
>
> Jackson version < 2.9.1 has below list of vulnerabilities:
> CVE-2019-14379
> CVE-2019-16335
> CVE-2019-17531
> CVE-2019-14540
> CVE-2018-11307
> CVE-2019-12402
> CVE-2018-7489
> CVE-2018-12022
> CVE-2019-14439
> CVE-2017-15095
> CVE-2017-7525
> CVE-2017-17485
>
> Attaching image scan result file.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
