  1. Hadoop Common
  2. HADOOP-18148

json smart 1.3.2 still appears in Trivy scan of build


Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.3.2
    • Fix Version/s: None
    • Component/s: common
    • Labels: None

    Description

      When building 3.3.2, Hadoop is still failing CVE scans, showing the following error. We are unable to use Hadoop with this CVE showing.

       
      "VulnerabilityID": "CVE-2021-31684",
      "PkgName": "net.minidev:json-smart",
      "PkgPath": "...lib/org.apache.hadoop.hadoop-client-runtime-3.3.2.jar",
      "InstalledVersion": "1.3.2",
      "FixedVersion": "2.4.5, 1.3.3",

       

      More specifically:

       
      "VulnerabilityID": "CVE-2021-31684",
      "PkgName": "net.minidev:json-smart",
      "PkgPath": ".../lib/com.nimbusds.nimbus-jose-jwt-9.8.1.jar",
      "InstalledVersion": "1.3.2",
      "FixedVersion": "2.4.5, 1.3.3",
       

          People

            Assignee: Unassigned
            Reporter: Fred Purcell
            Votes: 0
            Watchers: 5

            Dates

              Created:
              Updated:

              Time Tracking

                Estimated: 2h
                Remaining: 2h
                Logged: Not Specified