Hadoop Common / HADOOP-17885

Upgrade JSON smart to 1.3.3 on branch-2.10

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.10.0, 2.10.1
    • Fix Version/s: 2.10.2
    • None

    Description

      Currently, branch-2.10 is using JSON Smart version 1.3.1, which is vulnerable to CVE-2021-27568.

      We can upgrade the version to 1.3.1.

      Description of the vulnerability:

      An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.

            People

              Assignee: ahussein Ahmed Hussein
              Reporter: ahussein Ahmed Hussein