Description
There are multiple CVEs found in ratis-hadoop.
- CVE-2012-4449 | High org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
- CVE-2016-5001 | Low org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
- CVE-2017-3161 | Medium org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
- CVE-2017-3162 | High org.apache.ratis:ratis-hadoop:0.3.0-SNAPSHOT
It is very likely that the CVEs come from the Hadoop dependency. We should either update the Hadoop version or temporarily remove Hadoop dependency in order to fix the CVEs.