XuCongying created CARBONDATA-3729:
--------------------------------------
Summary: Please avoid using libraries with CVEs
Key: CARBONDATA-3729
URL: https://issues.apache.org/jira/browse/CARBONDATA-3729
Project: CarbonData
Issue Type: Bug
Reporter: XuCongying

Hi, I noticed that your project is using vulnerable libraries which are
related to some CVEs. To prevent potential security risks it may cause, I
suggest updating the library dependency. See below for more details:

Vulnerable Library Version: org.scala-lang : scala-compiler : 2.11.8
CVE ID:
[CVE-2017-15288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15288)
Import Path: integration/spark-common/pom.xml
Suggested Safe Versions: 2.11.12, 2.12.10, 2.12.4, 2.12.5, 2.12.6, 2.12.7,
2.12.8, 2.12.9, 2.13.0, 2.13.0-M1, 2.13.0-M2, 2.13.0-M3, 2.13.0-M3-f73b161,
2.13.0-M4, 2.13.0-M4-pre-20d3c21, 2.13.0-M5, 2.13.0-M5-1775dba,
2.13.0-M5-5eef812, 2.13.0-M5-6e0cba7, 2.13.0-RC1, 2.13.0-RC2, 2.13.0-RC3, 2.13.1

Vulnerable Library Version: org.apache.lucene : lucene-queryparser : 6.3.0
CVE ID:
[CVE-2017-12629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629)
Import Path: datamap/lucene/pom.xml
Suggested Safe Versions: 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.1.0, 7.2.0,
7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0,
8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1

Vulnerable Library Version: org.apache.hive : hive-service : 1.2.1
CVE ID:
[CVE-2016-3083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083),
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
Import Path: integration/hive/pom.xml
Suggested Safe Versions: 1.2.2, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1,
2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2

Vulnerable Library Version: com.google.guava : guava : 14.0.1
CVE ID:
[CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
Import Path: datamap/bloom/pom.xml
Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre,
25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre,
27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre,
28.1-android, 28.1-jre, 28.2-android, 28.2-jre

Vulnerable Library Version: org.apache.hive : hive-exec : 1.2.1
CVE ID:
[CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777),
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521),
[CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
Import Path: integration/hive/pom.xml
Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2

Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 2.3.4
CVE ID:
[CVE-2017-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678),
[CVE-2018-3826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3826),
[CVE-2018-11770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11770)
Import Path: examples/spark2/pom.xml, integration/spark-common-test/pom.xml,
integration/presto/pom.xml, integration/spark2/pom.xml,
datamap/mv/core/pom.xml, datamap/mv/plan/pom.xml
Suggested Safe Versions: 2.4.5

Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 2.4.4
CVE ID:
[CVE-2017-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678)
Import Path: integration/spark2/pom.xml, datamap/mv/plan/pom.xml
Suggested Safe Versions: 2.4.5

Vulnerable Library Version: org.apache.lucene : lucene-core : 6.3.0
CVE ID:
[CVE-2017-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163)
Import Path: datamap/lucene/pom.xml
Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2,
6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1,
7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0,
8.3.1, 8.4.0, 8.4.1

Vulnerable Library Version: org.apache.hive : hive-jdbc : 1.2.1
CVE ID:
[CVE-2016-3083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083),
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521),
[CVE-2018-1282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282)
Import Path: integration/hive/pom.xml
Suggested Safe Versions: 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1,
3.1.2

Vulnerable Library Version: org.apache.thrift : libthrift : 0.9.3
CVE ID:
[CVE-2018-1320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1320)
Import Path: format/pom.xml
Suggested Safe Versions: 0.12.0, 0.13.0

Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.7.2
CVE ID:
[CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
Import Path: core/pom.xml, processing/pom.xml
Suggested Safe Versions: 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1

Vulnerable Library Version: org.apache.zookeeper : zookeeper : 3.4.7
CVE ID:
[CVE-2018-8012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8012),
[CVE-2019-0201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0201),
[CVE-2017-5637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5637)
Import Path: core/pom.xml
Suggested Safe Versions: 3.4.14, 3.5.5, 3.5.6, 3.5.7

Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.5
CVE ID:
[CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029),
[CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
Import Path: integration/flink/pom.xml
Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.2
CVE ID:
[CVE-2016-5393](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5393),
[CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009),
[CVE-2016-6811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6811),
[CVE-2017-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15718),
[CVE-2016-3086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3086),
[CVE-2017-15713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713),
[CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029)
Import Path: core/pom.xml, processing/pom.xml, common/pom.xml
Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

Vulnerable Library Version: org.apache.httpcomponents : httpclient : 4.3.4
CVE ID:
[CVE-2014-3577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577),
[CVE-2015-5262](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5262)
Import Path: examples/spark2/pom.xml, integration/hive/pom.xml,
integration/spark2/pom.xml, store/sdk/pom.xml
Suggested Safe Versions: 4.3.6, 4.4, 4.4-alpha1, 4.4-beta1, 4.4.1, 4.5,
4.5.1, 4.5.10, 4.5.11, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.5.6, 4.5.7, 4.5.8, 4.5.9

Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.6.5
CVE ID:
[CVE-2017-17485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485),
[CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840),
[CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330),
[CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384),
[CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439),
[CVE-2018-19362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362),
[CVE-2018-11307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307),
[CVE-2018-14721](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721),
[CVE-2018-14719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719),
[CVE-2018-7489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489),
[CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531),
[CVE-2019-12086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086),
[CVE-2017-15095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095),
[CVE-2018-14718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718),
[CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943),
[CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814),
[CVE-2018-19361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361),
[CVE-2018-19360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360),
[CVE-2018-14720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720),
[CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942),
[CVE-2017-7525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525)
Import Path: store/sdk/pom.xml
Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3

Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.8.1
CVE ID:
[CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814),
[CVE-2017-17485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485),
[CVE-2018-11307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307),
[CVE-2018-7489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489),
[CVE-2018-19360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360),
[CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439),
[CVE-2017-15095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095),
[CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943),
[CVE-2019-14379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379),
[CVE-2018-14720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720),
[CVE-2018-12023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023),
[CVE-2017-7525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525),
[CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840),
[CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330),
[CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384),
[CVE-2019-12086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086),
[CVE-2018-14721](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721),
[CVE-2018-14719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719),
[CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531),
[CVE-2018-14718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718),
[CVE-2018-19362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362),
[CVE-2018-19361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361),
[CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942)
Import Path: integration/presto/pom.xml
Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3

Vulnerable Library Version: org.apache.solr : solr-core : 6.3.0
CVE ID:
[CVE-2017-12629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629),
[CVE-2018-8010](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8010),
[CVE-2017-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163),
[CVE-2017-7660](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7660),
[CVE-2017-9803](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9803),
[CVE-2017-3164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3164),
[CVE-2018-8026](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8026),
[CVE-2019-0192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0192)
Import Path: datamap/lucene/pom.xml
Suggested Safe Versions: 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0,
8.3.0, 8.3.1, 8.4.0, 8.4.1