kylin-issues mailing list archives

From "XuCongying (Jira)" <j...@apache.org>
Subject [jira] [Created] (KYLIN-4394) CVEs in the library dependencies
Date Sun, 01 Mar 2020 12:30:00 GMT
XuCongying created KYLIN-4394:
---------------------------------

             Summary: CVEs in the library dependencies
                 Key: KYLIN-4394
                 URL: https://issues.apache.org/jira/browse/KYLIN-4394
             Project: Kylin
          Issue Type: Bug
            Reporter: XuCongying


Hi, I have noticed that some library CVEs may be related to your projects. To prevent the potential
risk they may cause, I suggest a library update. See below for more details:
 
Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-streaming : 1.0.0
  CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
  Import Path: flume-ng-sinks/flume-hive-sink/pom.xml
  Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2,
2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
 
Vulnerable Library Version: com.google.guava : guava : 18.0
  CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
  Import Path: flume-ng-sinks/flume-http-sink/pom.xml
  Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android,
25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android,
27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre
 
Vulnerable Library Version: com.google.guava : guava : 11.0.2
  CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
  Import Path: flume-ng-auth/pom.xml, flume-ng-core/pom.xml...(The rest of the 11 paths is
hidden.)
  Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android,
25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android,
27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre
 
Vulnerable Library Version: org.apache.hive : hive-exec : 1.0.0
  CVE ID: [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777),
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
  Import Path: flume-ng-sinks/flume-dataset-sink/pom.xml
  Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
 
Vulnerable Library Version: org.eclipse.jetty : jetty-util : 9.4.6.v20170531
  CVE ID: [CVE-2017-9735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9735), [CVE-2019-10246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10246),
[CVE-2019-10241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241), [CVE-2018-12536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12536)
  Import Path: flume-ng-core/pom.xml
  Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418, 9.4.18.v20190429,
9.4.19.v20190610, 9.4.20.v20190813, 9.4.21.v20190926, 9.4.22.v20191022, 9.4.23.v20191118,
9.4.24.v20191120, 9.4.25.v20191220, 9.4.26.v20200117

Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 2.0.1
  CVE ID: [CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
  Import Path: flume-ng-sources/flume-kafka-source/pom.xml, flume-ng-sources/flume-kafka-source/pom.xml,
flume-ng-channels/flume-kafka-channel/pom.xml, flume-shared/flume-shared-kafka-test/pom.xml,
flume-ng-sinks/flume-ng-kafka-sink/pom.xml
  Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0

Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.9.0
  CVE ID: [CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
  Import Path: flume-ng-sinks/flume-hdfs-sink/pom.xml
  Suggested Safe Versions: 2.10.0, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1

Vulnerable Library Version: org.eclipse.jetty : jetty-server : 9.4.6.v20170531
  CVE ID: [CVE-2019-10247](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247),
[CVE-2017-7658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658), [CVE-2017-7656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656),
[CVE-2017-7657](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657), [CVE-2018-12538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12538),
[CVE-2018-12536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12536)
  Import Path: flume-ng-core/pom.xml
  Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418, 9.4.18.v20190429,
9.4.19.v20190610, 9.4.20.v20190813, 9.4.24.v20191120, 9.4.25.v20191220, 9.4.26.v20200117

Vulnerable Library Version: org.apache.hive : hive-cli : 1.0.0
  CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
  Import Path: flume-ng-sinks/flume-hive-sink/pom.xml
  Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2,
2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2

Vulnerable Library Version: org.apache.zookeeper : zookeeper : 3.4.5
  CVE ID: [CVE-2017-5637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5637), [CVE-2018-8012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8012),
[CVE-2019-0201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0201), [CVE-2014-0085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0085)
  Import Path: flume-ng-sources/flume-kafka-source/pom.xml, flume-ng-sinks/flume-ng-hbase-sink/pom.xml,
flume-ng-sinks/flume-ng-hbase2-sink/pom.xml
  Suggested Safe Versions: 3.4.14, 3.5.5, 3.5.6, 3.5.7

Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.9.0
  CVE ID: [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029), [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
  Import Path: flume-ng-auth/pom.xml, flume-ng-configfilters/flume-ng-hadoop-credential-store-config-filter/pom.xml,
flume-ng-tests/pom.xml, flume-ng-sinks/flume-ng-hbase-sink/pom.xml, flume-ng-sinks/flume-dataset-sink/pom.xml,
flume-ng-sinks/flume-hdfs-sink/pom.xml, flume-ng-sinks/flume-ng-kudu-sink/pom.xml, flume-ng-sinks/flume-hive-sink/pom.xml,
flume-ng-sinks/flume-ng-hbase2-sink/pom.xml
  Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

Vulnerable Library Version: org.apache.mina : mina-core : 2.0.4
  CVE ID: [CVE-2019-0231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0231)
  Import Path: flume-ng-core/pom.xml
  Suggested Safe Versions: 2.0.21, 2.1.2, 2.1.3, 3.0.0-M1, 3.0.0-M2

Vulnerable Library Version: org.apache.hbase : hbase-client : 1.0.0
  CVE ID: [CVE-2015-1836](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1836)
  Import Path: flume-ng-sinks/flume-ng-hbase-sink/pom.xml, flume-ng-sinks/flume-ng-hbase-sink/pom.xml,
flume-ng-sinks/flume-ng-hbase2-sink/pom.xml
  Suggested Safe Versions: 1.0.1.1, 1.0.2, 1.0.3, 1.1.0.1, 1.1.1, 1.1.10, 1.1.11, 1.1.12,
1.1.13, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.2.0, 1.2.1, 1.2.10, 1.2.11,
1.2.12, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.6.1, 1.2.7, 1.2.8, 1.2.9, 1.3.0, 1.3.1, 1.3.2,
1.3.2.1, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.4.0, 1.4.1, 1.4.10, 1.4.11, 1.4.12, 1.4.2, 1.4.3, 1.4.4,
1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.5.0, 2.0.0, 2.0.0-alpha-1, 2.0.0-alpha2, 2.0.0-alpha3,
2.0.0-alpha4, 2.0.0-beta-1, 2.0.0-beta-2, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1.0,
2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.2.0, 2.2.1, 2.2.2, 2.2.3

Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-core : 1.0.0
  CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
  Import Path: flume-ng-sinks/flume-hive-sink/pom.xml
  Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2,
2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2

Vulnerable Library Version: org.elasticsearch : elasticsearch : 0.90.1
  CVE ID: [CVE-2015-5531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5531), [CVE-2014-3120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3120),
[CVE-2015-1427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1427), [CVE-2015-3337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3337),
[CVE-2014-6439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6439)
  Import Path: flume-ng-sinks/flume-ng-elasticsearch-sink/pom.xml
  Suggested Safe Versions: 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6,
2.0.0, 2.0.0-beta1, 2.0.0-beta2, 2.0.0-rc1, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1,
2.2.2, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5,
2.4.6, 6.8.4, 6.8.5, 6.8.6, 7.4.0, 7.4.1, 7.4.2, 7.5.0, 7.5.1, 7.5.2, 7.6.0

Vulnerable Library Version: org.apache.hive : hive-metastore : 1.0.0
  CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
  Import Path: flume-ng-sinks/flume-dataset-sink/pom.xml
  Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2,
2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2

Vulnerable Library Version: xerces : xercesImpl : 2.9.1
  CVE ID: [CVE-2012-0881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881), [CVE-2013-4002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002)
  Import Path: flume-ng-sinks/flume-hive-sink/pom.xml
  Suggested Safe Versions: 2.12.0




--
This message was sent by Atlassian Jira
(v8.3.4#803005)
