  1. Hadoop Common
  2. HADOOP-17885

Upgrade JSON smart to 1.3.3 on branch-2.10


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.10.0, 2.10.1
    • Fix Version/s: 2.10.2
    • None

    Description

      Currently branch-2.10 is using JSON Smart version 1.3.1, which is vulnerable to CVE-2021-27568.

      We can upgrade the version to 1.3.1.

      Description of the vulnerability:

      An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.

          People

            ahussein Ahmed Hussein

              Time Tracking

                Original Estimate: Not Specified
                Remaining Estimate: 0h
                Time Spent: 0.5h
