[ https://issues.apache.org/jira/browse/TEZ-4485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
László Bodor resolved TEZ-4485. ------------------------------- Resolution: Fixed > Upgrade jettison to 1.5.4 due to CVE-2023-1436 > ---------------------------------------------- > > Key: TEZ-4485 > URL: https://issues.apache.org/jira/browse/TEZ-4485 > Project: Apache Tez > Issue Type: Improvement > Reporter: Mayank Kunwar > Assignee: Mayank Kunwar > Priority: Major > Fix For: 0.10.3 > > Time Spent: 40m > Remaining Estimate: 0h > > Upgrade jettison to 1.5.4 due to CVE-2023-1436 > CVE-2023-1436:- An infinite recursion is triggered in Jettison when > constructing a JSONArray from a Collection that contains a self-reference in > one of its elements. This leads to a StackOverflowError exception being > thrown. > CVSSv3 Score:- 7.5(High) > Affected Version:- upto 1.5.4(excluding) > [https://nvd.nist.gov/vuln/detail/CVE-2023-1436] > -- This message was sent by Atlassian Jira (v8.20.10#820010)