[BEAM-14054] Vulnerabilities in org.apache.avro dependencies - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: P2
Resolution: Duplicate
Affects Version/s: 2.37.0
Fix Version/s: Not applicable
Component/s: dependencies, sdk-java-core
Labels:
None

Language:
- Java

Description

The current Avro jar version 1.8.2 has multiple vulnerabilities. This needs to be upgraded to version 1.11.0

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10172

Attachments

Issue Links

duplicates

BEAM-8715 Beam Dependency Update Request: org.apache.avro:avro

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Mohinuddin

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 06/Mar/22 22:44

Updated:: 17/Mar/22 17:41

Resolved:: 17/Mar/22 17:41