Parquet / PARQUET-1894

Please fix the related Shaded Jackson Databind CVEs

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 1.11.0
    • 1.12.0
    • parquet-mr
    • None

    Description

      The following CVEs are all related to version 2.9.10 of Jackson databind, which you shade:

      CVE             Severity  CVSS
      CVE-2019-16942  critical  9.8
      CVE-2019-16943  critical  9.8
      CVE-2019-17531  critical  9.8
      CVE-2019-20330  critical  9.8
      CVE-2020-10672  high      8.8
      CVE-2020-10673  high      8.8
      CVE-2020-10968  high      8.8
      CVE-2020-10969  high      8.8
      CVE-2020-11111  high      8.8
      CVE-2020-11112  high      8.8
      CVE-2020-11113  high      8.8
      CVE-2020-11619  critical  9.8
      CVE-2020-11620  critical  9.8
      CVE-2020-14060  high      8.1
      CVE-2020-14061  high      8.1
      CVE-2020-14062  high      8.1
      CVE-2020-14195  high      8.1
      CVE-2020-8840   critical  9.8
      CVE-2020-9546   critical  9.8
      CVE-2020-9547   critical  9.8
      CVE-2020-9548   critical  9.8

      Our security team is trying to block us from using Parquet files because of this issue.

            People

              Unassigned
              AceHack Rodney Aaron Stainback
              Votes: 1
              Watchers: 4

              Dates

                Created:
                Updated:
                Resolved: