[jira] [Commented] (KYLIN-5790) Security of kafka-clients

pengfei.zhan (Jira) Tue, 09 Apr 2024 06:25:49 -0700


    [ 
https://issues.apache.org/jira/browse/KYLIN-5790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17835420#comment-17835420
 ]


pengfei.zhan commented on KYLIN-5790:
-------------------------------------

h1. Design

Please refer to the description. Remove some usage from the KYLIN.

> Security of kafka-clients
> -------------------------
>
>                 Key: KYLIN-5790
>                 URL: https://issues.apache.org/jira/browse/KYLIN-5790
>             Project: Kylin
>          Issue Type: Bug
>          Components: Query Engine
>    Affects Versions: 5.0-beta
>            Reporter: pengfei.zhan
>            Assignee: pengfei.zhan
>            Priority: Major
>             Fix For: 5.0-beta
>
>
> |high 
> (8.8)|[CVE-2023-25194|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25194]
>  *(new)*|Deserialization of Untrusted 
> Data|maven:org.apache.kafka:kafka-clients@2.8.2|2023-02-07|2023-02-09|[!https://snyk.io/favicon.ico!Deserialization
>  of Untrusted Data in org.apache.kafka:kafka-clients \| CVE-2023-25194 \| 
> Snyk|https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEKAFKA-3317161]|
> Note: The vulnerability had only a snyk rating: medium - snyk (5.6), now the 
> NVD rating is high (8.8).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KYLIN-5790) Security of kafka-clients

Reply via email to