Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Reviewed
Description
Currently we are using JSON Smart 2.4.2 version which is vulnerable to - CVE-2021-31684.
We can upgrade the version to 2.4.7 (2.4.5 or later).
Attachments
Issue Links
- relates to
-
HADOOP-17885 Upgrade JSON smart to 1.3.3 on branch-2.10
-
- Resolved
-
-
HADOOP-17633 Bump json-smart to 2.4.2 and nimbus-jose-jwt to 9.8 due to CVEs
-
- Resolved
-
- links to