[HIVE-28065] Upgrade Bouncy castle to bcprov-jdk18on 1.77 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.0
Component/s: None
Labels:
- pull-request-available

Description

For Bouncy Castle for java before 1.74(excluding), it was discovered that there was a potential LDAP injection. During the certificate validation process, bouncycastle used the certificate's "Subject Name" into an LDAP search filter without any escaping.

https://nvd.nist.gov/vuln/detail/CVE-2023-33201

Attachments

Issue Links

links to

GitHub Pull Request #5071

Activity

People

Assignee:: Araika Singh

Reporter:: Araika Singh

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 07/Feb/24 05:13

Updated:: 29/Mar/24 17:50

Resolved:: 20/Feb/24 04:58