Details
-
Bug
-
Status: Closed
-
Blocker
-
Resolution: Not A Problem
-
10.14.2.0
-
None
-
None
-
None
-
Blocker
Description
Use a security tool to scan the derby 10.14.2.0 installation package. The result shows that derbynet.jar contains the CVE-2020-13949 vulnerability. The vulnerability is related to Hive and Thrift, but no reference is found in the derby 10.14.2.0 source code.
Is it a false positive? Which of the following application scenarios will be affected if the vulnerability is involved?
For details about the scanning result, see the attachment.
Vulnerability Details: