Vulnerabilities in Apache Commons IO 2.5 used by Hadoop in Jet #3066

olukas · 2021-09-07T07:40:05Z

Jet uses org.apache.hadoop:hadoop-client which uses commons-io:commons-io in version 2.5 which includes following vulnerability:

CVE-2021-29425 - https://nvd.nist.gov/vuln/detail/CVE-2021-29425 (it should be fixed in version 2.7 - however is seems to currently be in UNDERGOING REANALYSIS state in that version)

The text was updated successfully, but these errors were encountered:

fixes #3064 Update Elasticsearch6 to 6.8.17 fixes #3065 Update commons-io:commons-io to 2.7 fixes #3066 Update Jetty to 9.4.43 fixes #3067

olukas added security Pull requests that address a security vulnerability severity:medium Vulnerability scan classification for Medium Severity issues labels Sep 7, 2021

olukas added this to the 4.5.1 milestone Sep 7, 2021

gurbuzali pushed a commit that referenced this issue Sep 7, 2021

Update net.minidev:json-smart to 2.4.7

946906f

fixes #3064 Update Elasticsearch6 to 6.8.17 fixes #3065 Update commons-io:commons-io to 2.7 fixes #3066 Update Jetty to 9.4.43 fixes #3067

degerhz modified the milestones: 4.5.1, 4.5.2 Sep 14, 2021

olukas mentioned this issue Sep 20, 2021

Vulnerabilities in Apache Commons IO 2.5 used by Hadoop in Jet in HZ 5.0 hazelcast/hazelcast#19578

Closed

frant-hartm modified the milestones: 4.5.2, 4.5.3 Dec 15, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerabilities in Apache Commons IO 2.5 used by Hadoop in Jet #3066

Vulnerabilities in Apache Commons IO 2.5 used by Hadoop in Jet #3066

olukas commented Sep 7, 2021

Vulnerabilities in Apache Commons IO 2.5 used by Hadoop in Jet #3066

Vulnerabilities in Apache Commons IO 2.5 used by Hadoop in Jet #3066

Comments

olukas commented Sep 7, 2021