CALCITE-6181: Upgrade janino to 3.1.11

Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.37.0
    • Component/s: None

    Description

      Upgrade Janino to 3.1.9+ due to CVE-2023-33546.

      Janino 3.1.9 and earlier are subject to denial-of-service (DoS) attacks when using the ExpressionEvaluator.guessParameterNames method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow.

      CVSSv3 Score: 5.5 (Medium)

    People

      Assignee: Unassigned
      Reporter: Devaspati Krishnatri (devaspatikrishnatri)