Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-17171

Please fix CVEs by removing reference to htrace-core4

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 3.3.0
    • Fix Version/s: None
    • Component/s: common
    • Labels:
      None

      Description

      htrace-core4 is a retired project and even on the latest version they Shade Jackson databind version 2.4.0 which has the following CVEs:

      cve severity cvss
      CVE-2017-15095 critical 9.8
      CVE-2018-1000873 medium 6.5
      CVE-2018-14718 critical 9.8
      CVE-2018-5968 high 8.1
      CVE-2018-7489 critical 9.8
      CVE-2019-14540 critical 9.8
      CVE-2019-14893 critical 9.8
      CVE-2019-16335 critical 9.8
      CVE-2019-16942 critical 9.8
      CVE-2019-16943 critical 9.8
      CVE-2019-17267 critical 9.8
      CVE-2019-17531 critical 9.8
      CVE-2019-20330 critical 9.8
      CVE-2020-10672 high 8.8
      CVE-2020-10673 high 8.8
      CVE-2020-10968 high 8.8
      CVE-2020-10969 high 8.8
      CVE-2020-11111 high 8.8
      CVE-2020-11112 high 8.8
      CVE-2020-11113 high 8.8
      CVE-2020-11619 critical 9.8
      CVE-2020-11620 critical 9.8
      CVE-2020-14060 high 8.1
      CVE-2020-14061 high 8.1
      CVE-2020-14062 high 8.1
      CVE-2020-14195 high 8.1
      CVE-2020-8840 critical 9.8
      CVE-2020-9546 critical 9.8
      CVE-2020-9547 critical 9.8
      CVE-2020-9548 critical 9.8

       

      Our security team is trying to block us from using hadoop because of this

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                AceHack Rodney Aaron Stainback
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: