[
https://issues.apache.org/jira/browse/FLUME-3444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17631506#comment-17631506
]
Vishnu Kumar commented on FLUME-3444:
-------------------------------------
[~tmgstev] , [~rgoers] , Could you please help in getting this issue closed.
GitHub PR - [https://github.com/apache/flume/pull/390]
> Upgrade commons-text from 1.9.0 to 1.10.0 - (CVE-2022-42889)
> ------------------------------------------------------------
>
> Key: FLUME-3444
> URL: https://issues.apache.org/jira/browse/FLUME-3444
> Project: Flume
> Issue Type: Bug
> Affects Versions: 1.11.0
> Reporter: Vishnu Kumar
> Priority: Major
> Labels: CVE-2022-42889, security
>
> Apache Commons Text versions prior to 1.10.0 are vulnerable to
> [CVE-2022-42889|https://nvd.nist.gov/vuln/detail/CVE-2022-42889], which
> involves potential script execution when processing untrusted input using
> {{StringLookup}}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
