flume-ng-dist-1.9.0 requires the parquet-avro component, and the required version is as follows:
The parquet-avro is maintained by apache from 1.6.0, but there are vulnerabilities with each version. There is also a vulnerability in parquet-avro version 1.4.1，as detailed : Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions. https://nvd.nist.gov/vuln/detail/CVE-2021-41561
Do you have any good solutions?