kylin-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yaqian Zhang (Jira)" <j...@apache.org>
Subject [jira] [Assigned] (KYLIN-4394) CVEs in the library dependencies
Date Mon, 02 Mar 2020 05:13:00 GMT

     [ https://issues.apache.org/jira/browse/KYLIN-4394?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Yaqian Zhang reassigned KYLIN-4394:
-----------------------------------

    Assignee: Yaqian Zhang

> CVEs in the library dependencies
> --------------------------------
>
>                 Key: KYLIN-4394
>                 URL: https://issues.apache.org/jira/browse/KYLIN-4394
>             Project: Kylin
>          Issue Type: Bug
>          Components: Security
>            Reporter: XuCongying
>            Assignee: Yaqian Zhang
>            Priority: Major
>
> Hi, I have noticed that some library CVEs may be related to your projects. To prevent
potential risk it may cause, I suggest a library update. See below for more details:
>  
> Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-streaming : 1.0.0
>   CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
>   Import Path: flume-ng-sinks/flume-hive-sink/pom.xml
>   Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2,
2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  
> Vulnerable Library Version: com.google.guava : guava : 18.0
>   CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
>   Import Path: flume-ng-sinks/flume-http-sink/pom.xml
>   Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android,
25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android,
27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre
>  
> Vulnerable Library Version: com.google.guava : guava : 11.0.2
>   CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
>   Import Path: flume-ng-auth/pom.xml, flume-ng-core/pom.xml...(The rest of the 11 paths
is hidden.)
>   Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android,
25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android,
27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre
>  
> Vulnerable Library Version: org.apache.hive : hive-exec : 1.0.0
>   CVE ID: [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777),
[CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
>   Import Path: flume-ng-sinks/flume-dataset-sink/pom.xml
>   Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2
>  
> Vulnerable Library Version: org.eclipse.jetty : jetty-util : 9.4.6.v20170531
>   CVE ID: [CVE-2017-9735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9735),
[CVE-2019-10246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10246), [CVE-2019-10241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241),
[CVE-2018-12536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12536)
>   Import Path: flume-ng-core/pom.xml
>   Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418, 9.4.18.v20190429,
9.4.19.v20190610, 9.4.20.v20190813, 9.4.21.v20190926, 9.4.22.v20191022, 9.4.23.v20191118,
9.4.24.v20191120, 9.4.25.v20191220, 9.4.26.v20200117
>  Vulnerable Library Version: org.apache.kafka : kafka_2.11 : 2.0.1
>   CVE ID: [CVE-2019-17196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17196)
>   Import Path: flume-ng-sources/flume-kafka-source/pom.xml, flume-ng-sources/flume-kafka-source/pom.xml,
flume-ng-channels/flume-kafka-channel/pom.xml, flume-shared/flume-shared-kafka-test/pom.xml,
flume-ng-sinks/flume-ng-kafka-sink/pom.xml
>   Suggested Safe Versions: 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0
>  Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.9.0
>   CVE ID: [CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
>   Import Path: flume-ng-sinks/flume-hdfs-sink/pom.xml
>   Suggested Safe Versions: 2.10.0, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1
>  Vulnerable Library Version: org.eclipse.jetty : jetty-server : 9.4.6.v20170531
>   CVE ID: [CVE-2019-10247](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247),
[CVE-2017-7658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7658), [CVE-2017-7656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7656),
[CVE-2017-7657](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7657), [CVE-2018-12538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12538),
[CVE-2018-12536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12536)
>   Import Path: flume-ng-core/pom.xml
>   Suggested Safe Versions: 10.0.0-alpha0, 10.0.0.alpha1, 9.4.17.v20190418, 9.4.18.v20190429,
9.4.19.v20190610, 9.4.20.v20190813, 9.4.24.v20191120, 9.4.25.v20191220, 9.4.26.v20200117
>  Vulnerable Library Version: org.apache.hive : hive-cli : 1.0.0
>   CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
>   Import Path: flume-ng-sinks/flume-hive-sink/pom.xml
>   Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2,
2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: org.apache.zookeeper : zookeeper : 3.4.5
>   CVE ID: [CVE-2017-5637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5637),
[CVE-2018-8012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8012), [CVE-2019-0201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0201),
[CVE-2014-0085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0085)
>   Import Path: flume-ng-sources/flume-kafka-source/pom.xml, flume-ng-sinks/flume-ng-hbase-sink/pom.xml,
flume-ng-sinks/flume-ng-hbase2-sink/pom.xml
>   Suggested Safe Versions: 3.4.14, 3.5.5, 3.5.6, 3.5.7
>  Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.9.0
>   CVE ID: [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029),
[CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
>   Import Path: flume-ng-auth/pom.xml, flume-ng-configfilters/flume-ng-hadoop-credential-store-config-filter/pom.xml,
flume-ng-tests/pom.xml, flume-ng-sinks/flume-ng-hbase-sink/pom.xml, flume-ng-sinks/flume-dataset-sink/pom.xml,
flume-ng-sinks/flume-hdfs-sink/pom.xml, flume-ng-sinks/flume-ng-kudu-sink/pom.xml, flume-ng-sinks/flume-hive-sink/pom.xml,
flume-ng-sinks/flume-ng-hbase2-sink/pom.xml
>   Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
>  Vulnerable Library Version: org.apache.mina : mina-core : 2.0.4
>   CVE ID: [CVE-2019-0231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0231)
>   Import Path: flume-ng-core/pom.xml
>   Suggested Safe Versions: 2.0.21, 2.1.2, 2.1.3, 3.0.0-M1, 3.0.0-M2
>  Vulnerable Library Version: org.apache.hbase : hbase-client : 1.0.0
>   CVE ID: [CVE-2015-1836](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1836)
>   Import Path: flume-ng-sinks/flume-ng-hbase-sink/pom.xml, flume-ng-sinks/flume-ng-hbase-sink/pom.xml,
flume-ng-sinks/flume-ng-hbase2-sink/pom.xml
>   Suggested Safe Versions: 1.0.1.1, 1.0.2, 1.0.3, 1.1.0.1, 1.1.1, 1.1.10, 1.1.11, 1.1.12,
1.1.13, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.2.0, 1.2.1, 1.2.10, 1.2.11,
1.2.12, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.6.1, 1.2.7, 1.2.8, 1.2.9, 1.3.0, 1.3.1, 1.3.2,
1.3.2.1, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.4.0, 1.4.1, 1.4.10, 1.4.11, 1.4.12, 1.4.2, 1.4.3, 1.4.4,
1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.5.0, 2.0.0, 2.0.0-alpha-1, 2.0.0-alpha2, 2.0.0-alpha3,
2.0.0-alpha4, 2.0.0-beta-1, 2.0.0-beta-2, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1.0,
2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.2.0, 2.2.1, 2.2.2, 2.2.3
>  Vulnerable Library Version: org.apache.hive.hcatalog : hive-hcatalog-core : 1.0.0
>   CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
>   Import Path: flume-ng-sinks/flume-hive-sink/pom.xml
>   Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2,
2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: org.elasticsearch : elasticsearch : 0.90.1
>   CVE ID: [CVE-2015-5531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5531),
[CVE-2014-3120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3120), [CVE-2015-1427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1427),
[CVE-2015-3337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3337), [CVE-2014-6439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6439)
>   Import Path: flume-ng-sinks/flume-ng-elasticsearch-sink/pom.xml
>   Suggested Safe Versions: 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6,
2.0.0, 2.0.0-beta1, 2.0.0-beta2, 2.0.0-rc1, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1,
2.2.2, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5,
2.4.6, 6.8.4, 6.8.5, 6.8.6, 7.4.0, 7.4.1, 7.4.2, 7.5.0, 7.5.1, 7.5.2, 7.6.0
>  Vulnerable Library Version: org.apache.hive : hive-metastore : 1.0.0
>   CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
>   Import Path: flume-ng-sinks/flume-dataset-sink/pom.xml
>   Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2,
2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2
>  Vulnerable Library Version: xerces : xercesImpl : 2.9.1
>   CVE ID: [CVE-2012-0881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881),
[CVE-2013-4002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002)
>   Import Path: flume-ng-sinks/flume-hive-sink/pom.xml
>   Suggested Safe Versions: 2.12.0



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message