Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 2.10.0, 2.10.1
- None
Description
Currently branch-2.10 is using JSON Smart version 1.3.1, which is vulnerable to CVE-2021-27568.
We can upgrade the version to 1.3.1.
Description of the vulnerability:
An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
Issue Links
- is related to: HADOOP-17844 Upgrade JSON smart to 2.4.7 (Resolved)
- links to