FLUME-3356

Probable security issue in Flume


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.0
    • Fix Version/s: 1.10.0
    • Component/s: None
    • Labels: None

    Description

      While security scanning one of my projects through WhiteSource, I encountered a vulnerability with ID CVE-2019-10202 [1] from Flume 1.9.0.

      On further investigation, the issue was from one of the dependencies you use, Avro 1.7.4, which is vulnerable due to its use of jackson-core-asl and jackson-mapper-asl. This issue in the Avro project is fixed in version 1.9.2 [2].

      Does this vulnerability affect Flume, or is this a known vulnerability?

      Is there a plan to release a new version of Flume with updated Avro?

      1. https://nvd.nist.gov/vuln/detail/CVE-2019-10202
      2. https://mvnrepository.com/artifact/org.apache.avro/avro/1.9.2
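
To see which dependency path brings the jackson-core-asl and jackson-mapper-asl artifacts named in the report into a build, the text output of `mvn dependency:tree` can be walked as below. This is an added example, not part of the original issue or the Flume project's code; the sample tree is constructed, and the function names and every coordinate other than Flume 1.9.0 and Avro 1.7.4 are assumptions.

```python
import re

# Constructed sample of `mvn dependency:tree` text output. Only Flume 1.9.0 and
# Avro 1.7.4 come from the report; the tree shape and other versions are illustrative.
SAMPLE_TREE = r"""
[INFO] com.example:app:jar:1.0
[INFO] +- org.apache.flume:flume-ng-sdk:jar:1.9.0:compile
[INFO] |  +- org.apache.avro:avro:jar:1.7.4:compile
[INFO] |  |  +- org.codehaus.jackson:jackson-core-asl:jar:1.8.8:compile
[INFO] |  |  \- org.codehaus.jackson:jackson-mapper-asl:jar:1.8.8:compile
[INFO] |  \- org.slf4j:slf4j-api:jar:1.7.25:compile
[INFO] \- junit:junit:jar:4.12:test
"""

FLAGGED = {"jackson-core-asl", "jackson-mapper-asl"}  # artifacts named in the report
AVRO_FIXED = (1, 9, 2)                                # Avro fix version per the report


def parse_tree(text):
    """Yield (depth, group, artifact, version) for each node in the tree.
    Coordinates with a classifier (an extra field) are not handled here."""
    for line in text.splitlines():
        line = re.sub(r"^\[INFO\] ", "", line)
        m = re.match(r"^([|+\\ -]*)([\w.-]+):([\w.-]+):\w+:([\w.-]+)", line)
        if m:
            # Each nesting level adds three characters of tree-drawing prefix.
            yield len(m.group(1)) // 3, m.group(2), m.group(3), m.group(4)


def flagged_paths(text):
    """Return the full dependency path to every flagged Jackson 1.x artifact."""
    stack, hits = [], []
    for depth, group, artifact, version in parse_tree(text):
        del stack[depth:]  # drop siblings and deeper nodes from the current path
        stack.append(f"{group}:{artifact}:{version}")
        if group == "org.codehaus.jackson" and artifact in FLAGGED:
            hits.append(list(stack))
    return hits


def version_tuple(version):
    return tuple(int(p) for p in re.findall(r"\d+", version)[:3])


def avro_below_fix(text):
    """Return the Avro versions in the tree that are older than the fix version."""
    return sorted({v for _, g, a, v in parse_tree(text)
                   if (g, a) == ("org.apache.avro", "avro")
                   and version_tuple(v) < AVRO_FIXED})


if __name__ == "__main__":
    for path in flagged_paths(SAMPLE_TREE):
        print(" -> ".join(path))
    print("Avro versions below fix:", avro_below_fix(SAMPLE_TREE))
```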


          People

            Assignee: Unassigned
            Reporter: Manjunath Mandya Surendrakumar (manjunathms35)
            Votes: 0
            Watchers: 3
