[ https://issues.apache.org/jira/browse/STORM-3592?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Zowalla closed STORM-3592.
----------------------------------
    Resolution: Invalid

Looks like this is outdated as we updated a lot of dependencies since this was 
reported. Feel free to open a new Jira.

> Vulnerable dependencies in your project.(CVEs)
> ----------------------------------------------
>
>                 Key: STORM-3592
>                 URL: https://issues.apache.org/jira/browse/STORM-3592
>             Project: Apache Storm
>          Issue Type: Dependency upgrade
>            Reporter: XuCongying
>            Priority: Major
>
> Hi,
> I found some CVEs in the library dependencies, which may affect the security 
> of your projects. In order to avoid threats, I recommend updating to a safe 
> version. Here is the detailed information:
>  
> Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.8.5
>   CVE ID: 
> [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029),
>  [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
>   Import Path: external/storm-hdfs/pom.xml, 
> external/storm-hdfs-blobstore/pom.xml, 
> external/storm-blobstore-migration/pom.xml
>   Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
>  Vulnerable Library Version: org.eclipse.jetty : jetty-server : 
> 9.4.14.v20181114
>   CVE ID: 
> [CVE-2019-10247](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247)
>   Import Path: examples/storm-loadgen/pom.xml, storm-core/pom.xml
>   Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418, 
> 9.4.18.v20190429, 9.4.19.v20190610, 9.4.20.v20190813, 9.4.24.v20191120, 
> 9.4.25.v20191220, 9.4.26.v20200117
>  Vulnerable Library Version: org.apache.commons : commons-compress : 1.18
>   CVE ID: 
> [CVE-2019-12402](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402)
>   Import Path: storm-server/pom.xml, examples/storm-pmml-examples/pom.xml
>   Suggested Safe Versions: 1.19, 1.20
>  Vulnerable Library Version: org.eclipse.jetty : jetty-util : 9.4.14.v20181114
>   CVE ID: 
> [CVE-2019-10246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10246),
>  [CVE-2019-10241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241)
>   Import Path: storm-core/pom.xml
>   Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418, 
> 9.4.18.v20190429, 9.4.19.v20190610, 9.4.20.v20190813, 9.4.21.v20190926, 
> 9.4.22.v20191022, 9.4.23.v20191118, 9.4.24.v20191120, 9.4.25.v20191220, 
> 9.4.26.v20200117
>  Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 0.11.0.3
>   CVE ID: 
> [CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
>   Import Path: external/storm-kafka-client/pom.xml, 
> external/storm-kafka-client/pom.xml
>   Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0
>  Vulnerable Library Version: com.google.guava : guava : 17.0
>   CVE ID: 
> [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
>   Import Path: external/storm-solr/pom.xml, 
> examples/storm-solr-examples/pom.xml
>   Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 
> 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 
> 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 
> 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre
>  Vulnerable Library Version: com.google.guava : guava : 16.0.1
>   CVE ID: 
> [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
>   Import Path: sql/storm-sql-runtime/pom.xml, 
> sql/storm-sql-external/storm-sql-hdfs/pom.xml...(The rest of the 17 paths is 
> hidden.)
>   Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 
> 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 
> 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 
> 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre
>  Vulnerable Library Version: org.apache.thrift : libthrift : 0.9.3
>   CVE ID: 
> [CVE-2018-1320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1320)
>   Import Path: external/storm-hive/pom.xml
>   Suggested Safe Versions: 0.12.0, 0.13.0
>  Vulnerable Library Version: org.apache.activemq : activemq-client : 5.15.8
>   CVE ID: 
> [CVE-2019-0222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222)
>   Import Path: examples/storm-jms-examples/pom.xml
>   Suggested Safe Versions: 5.15.10, 5.15.11, 5.15.9
>  Vulnerable Library Version: org.apache.solr : solr-core : 5.5.5
>   CVE ID: 
> [CVE-2017-3164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3164),
>  [CVE-2019-0192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0192)
>   Import Path: external/storm-solr/pom.xml
>   Suggested Safe Versions: 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 
> 8.3.0, 8.3.1, 8.4.0, 8.4.1
>  Vulnerable Library Version: org.fusesource.mqtt-client : mqtt-client : 1.14
>   CVE ID: 
> [CVE-2019-0222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222)
>   Import Path: examples/storm-mqtt-examples/pom.xml
>   Suggested Safe Versions: 1.16
>  Vulnerable Library Version: org.fusesource.mqtt-client : mqtt-client : 1.10
>   CVE ID: 
> [CVE-2019-0222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222)
>   Import Path: external/storm-mqtt/pom.xml
>   Suggested Safe Versions: 1.16
>  Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 
> 2.9.8
>   CVE ID: 
> [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840),
>  [CVE-2019-16335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335),
>  [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330),
>  [CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384),
>  [CVE-2019-12086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086),
>  [CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531),
>  [CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439),
>  [CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814),
>  [CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943),
>  [CVE-2019-14379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379),
>  [CVE-2019-14540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540),
>  [CVE-2019-17267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267),
>  [CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942)
>   Import Path: sql/storm-sql-runtime/pom.xml, external/storm-hbase/pom.xml, 
> external/storm-elasticsearch/pom.xml, external/storm-kafka-migration/pom.xml, 
> external/storm-redis/pom.xml, external/storm-opentsdb/pom.xml, 
> external/storm-kafka-client/pom.xml, storm-webapp/pom.xml
>   Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
