Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-18561

CVE-2021-37533 on commons-net is included in hadoop common and hadoop-client-runtime

    XMLWordPrintableJSON

Details

    • Reviewed

    Description

      Latest 3.3.4 version of hadoop-common and hadoop-client-runtime includes commons-net in version 3.6, which has vulnerability CVE-2021-37533. Need to upgrade it to 3.9 to fix.

      This is a due diligence patch only; by the time the caller encounters the CVE they must have already provided their username and password to a malicious ftp server.

      Attachments

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. NET-711 Add FTP option to toggle use of return host like cURL

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-18361 Update commons-net from 3.6 to 3.8.0.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link GitHub Pull Request #5214

          Web Link GitHub Pull Request #5227

          Web Link GitHub Pull Request #5228

          Activity

            People

              stevel@apache.org Steve Loughran
              phoebemaomao phoebe chen
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: