Zeppelin / ZEPPELIN-4657

CVEs in the library dependencies


Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved

    Description

      I found that your project uses some dependencies that contain CVEs. I suggest a library update to avoid potential risks. The details follow.

      Vulnerable Library Version: com.google.guava : guava : 23.0
      CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
      Import Path: zeppelin-integration/pom.xml
      Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre

      Vulnerable Library Version: com.google.guava : guava : 15.0
      CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
      Import Path: zeppelin-jupyter/pom.xml, alluxio/pom.xml
      Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre

      Vulnerable Library Version: com.google.guava : guava : 22.0
      CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
      Import Path: bigquery/pom.xml
      Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre

      Vulnerable Library Version: com.google.guava : guava : 19.0
      CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
      Import Path: cassandra/pom.xml
      Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre

      Vulnerable Library Version: com.google.guava : guava : 18.0
      CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
      Import Path: elasticsearch/pom.xml
      Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre

      Vulnerable Library Version: com.google.guava : guava : 14.0.1
      CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
      Import Path: scio/pom.xml
      Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre

      Vulnerable Library Version: com.google.guava : guava : 20.0
      CVE ID: [CVE-2018-10237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10237)
      Import Path: shell/pom.xml, zeppelin-interpreter-integration/pom.xml
      Suggested Safe Versions: 24.1.1-android, 24.1.1-jre, 25.0-android, 25.0-jre, 25.1-android, 25.1-jre, 26.0-android, 26.0-jre, 27.0-android, 27.0-jre, 27.0.1-android, 27.0.1-jre, 27.1-android, 27.1-jre, 28.0-android, 28.0-jre, 28.1-android, 28.1-jre, 28.2-android, 28.2-jre

      Vulnerable Library Version: org.apache.geode : geode-core : 1.1.0
      CVE ID: [CVE-2017-9794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9794), [CVE-2017-15692](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15692), [CVE-2017-15696](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15696), [CVE-2017-15693](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15693), [CVE-2017-9797](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9797), [CVE-2017-9796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9796), [CVE-2017-15694](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15694), [CVE-2017-15695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15695), [CVE-2017-12622](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12622), [CVE-2017-9795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9795)
      Import Path: geode/pom.xml
      Suggested Safe Versions: 1.10.0, 1.11.0, 1.9.0, 1.9.1, 1.9.2

      Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 2.3.3
      CVE ID: [CVE-2017-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678), [CVE-2018-3826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3826), [CVE-2018-11770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11770)
      Import Path: spark/spark2-shims/pom.xml, spark/interpreter/pom.xml, spark/spark-dependencies/pom.xml
      Suggested Safe Versions: 2.4.5

      Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 2.0.2
      CVE ID: [CVE-2018-8024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8024), [CVE-2018-3826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3826), [CVE-2017-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678), [CVE-2018-11770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11770), [CVE-2019-10099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10099)
      Import Path: spark/spark2-shims/pom.xml, spark/interpreter/pom.xml, spark/spark-dependencies/pom.xml
      Suggested Safe Versions: 2.4.5

      Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 2.1.2
      CVE ID: [CVE-2018-8024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8024), [CVE-2018-3826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3826), [CVE-2017-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678), [CVE-2018-11770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11770), [CVE-2019-10099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10099)
      Import Path: spark/spark2-shims/pom.xml, spark/interpreter/pom.xml, spark/spark-dependencies/pom.xml
      Suggested Safe Versions: 2.4.5

      Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 2.2.3
      CVE ID: [CVE-2017-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678), [CVE-2018-3826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3826), [CVE-2018-11770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11770), [CVE-2019-10099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10099)
      Import Path: spark/spark2-shims/pom.xml, spark/interpreter/pom.xml, spark/spark-dependencies/pom.xml
      Suggested Safe Versions: 2.4.5

      Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 2.3.2
      CVE ID: [CVE-2017-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678), [CVE-2018-3826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3826), [CVE-2018-11770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11770), [CVE-2019-10099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10099)
      Import Path: spark/spark2-shims/pom.xml
      Suggested Safe Versions: 2.4.5

      Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 1.6.3
      CVE ID: [CVE-2018-8024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8024), [CVE-2018-3826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3826), [CVE-2017-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678), [CVE-2018-11770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11770), [CVE-2019-10099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10099)
      Import Path: spark/spark2-shims/pom.xml, spark/interpreter/pom.xml, spark/spark-dependencies/pom.xml
      Suggested Safe Versions: 2.4.5

      Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 2.4.4
      CVE ID: [CVE-2017-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678)
      Import Path: rlang/pom.xml, spark/scala-2.11/pom.xml, spark/spark2-shims/pom.xml, spark/interpreter/pom.xml, spark/spark-dependencies/pom.xml
      Suggested Safe Versions: 2.4.5

      Vulnerable Library Version: org.apache.spark : spark-core_2.11 : 2.4.0
      CVE ID: [CVE-2017-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7678), [CVE-2018-3826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3826), [CVE-2018-11770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11770)
      Import Path: spark/scala-2.11/spark-scala-parent/pom.xml, spark/spark-scala-parent/pom.xml, spark/scala-2.12/spark-scala-parent/pom.xml, spark/scala-2.10/spark-scala-parent/pom.xml
      Suggested Safe Versions: 2.4.5

      Vulnerable Library Version: org.apache.hive : hive-jdbc : 1.2.1
      CVE ID: [CVE-2016-3083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3083), [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1282)
      Import Path: jdbc/pom.xml
      Suggested Safe Versions: 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2

      Vulnerable Library Version: com.hubspot.jinjava : jinjava : 2.4.0
      CVE ID: [CVE-2018-18893](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18893)
      Import Path: shell/pom.xml, submarine/pom.xml
      Suggested Safe Versions: 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.5.0, 2.5.1, 2.5.2

      Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.8.9
      CVE ID: [CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814), [CVE-2017-17485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17485), [CVE-2018-11307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11307), [CVE-2018-7489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489), [CVE-2018-19360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19360), [CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439), [CVE-2017-15095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15095), [CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943), [CVE-2019-14379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379), [CVE-2018-14720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14720), [CVE-2018-12023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12023), [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330), [CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384), [CVE-2019-12086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086), [CVE-2018-14721](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14721), [CVE-2018-14719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14719), [CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531), [CVE-2018-14718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14718), [CVE-2018-19362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19362), [CVE-2018-19361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19361), [CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942)
      Import Path: neo4j/pom.xml
      Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3

      Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.8
      CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840), [CVE-2019-16335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16335), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330), [CVE-2019-12384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12384), [CVE-2019-12086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086), [CVE-2019-17531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17531), [CVE-2019-14439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14439), [CVE-2019-12814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814), [CVE-2019-16943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16943), [CVE-2019-14379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379), [CVE-2019-14540](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14540), [CVE-2019-17267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267), [CVE-2019-16942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942)
      Import Path: ksql/pom.xml
      Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3

      Vulnerable Library Version: com.fasterxml.jackson.core : jackson-databind : 2.9.10.1
      CVE ID: [CVE-2020-8840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840), [CVE-2019-20330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330)
      Import Path: zeppelin-server/pom.xml
      Suggested Safe Versions: 2.10.0, 2.10.1, 2.10.2, 2.9.10.3

      Vulnerable Library Version: org.apache.hadoop : hadoop-yarn-common : 2.3.0
      CVE ID: [CVE-2014-3627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3627)
      Import Path: beam/pom.xml
      Suggested Safe Versions: 2.10.0, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.9.0, 2.9.1, 2.9.2, 3.0.0, 3.0.0-alpha1, 3.0.0-alpha2, 3.0.0-alpha3, 3.0.0-alpha4, 3.0.0-beta1, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.5
      CVE ID: [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029), [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
      Import Path: flink/pom.xml
      Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.3.0
      CVE ID: [CVE-2016-6811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6811), [CVE-2014-0229](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0229), [CVE-2017-15713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713), [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029), [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
      Import Path: beam/pom.xml
      Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.apache.hadoop : hadoop-common : 3.0.0
      CVE ID: [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029), [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
      Import Path: zeppelin-zengine/pom.xml, jdbc/pom.xml
      Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.2
      CVE ID: [CVE-2016-5393](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5393), [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009), [CVE-2016-6811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6811), [CVE-2017-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15718), [CVE-2016-3086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3086), [CVE-2017-15713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713), [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029)
      Import Path: jdbc/pom.xml
      Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.3
      CVE ID: [CVE-2016-6811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6811), [CVE-2017-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15718), [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029), [CVE-2017-15713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713), [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
      Import Path: zeppelin-zengine/pom.xml, zeppelin-interpreter-integration/pom.xml, jdbc/pom.xml, submarine/pom.xml
      Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.6.0
      CVE ID: [CVE-2016-5393](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5393), [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009), [CVE-2016-6811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6811), [CVE-2017-15718](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15718), [CVE-2016-3086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3086), [CVE-2017-15713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713), [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029)
      Import Path: spark/spark-shims/pom.xml, livy/pom.xml, livy/pom.xml
      Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.4.0
      CVE ID: [CVE-2016-6811](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6811), [CVE-2014-0229](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0229), [CVE-2017-15713](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713), [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029), [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
      Import Path: lens/pom.xml
      Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.kohsuke : libpam4j : 1.8
      CVE ID: [CVE-2017-12197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12197)
      Import Path: zeppelin-server/pom.xml
      Suggested Safe Versions: 1.10, 1.11, 1.9

      Vulnerable Library Version: org.codehaus.groovy : groovy-all : 2.4.7
      CVE ID: [CVE-2016-6814](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6814)
      Import Path: groovy/pom.xml
      Suggested Safe Versions: 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.4.14, 2.4.15, 2.4.16, 2.4.17, 2.4.18, 2.4.8, 2.4.9, 2.5.0, 2.5.0-alpha-1, 2.5.0-beta-1, 2.5.0-beta-2, 2.5.0-beta-3, 2.5.0-rc-1, 2.5.0-rc-2, 2.5.0-rc-3, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.6.0-alpha-1, 2.6.0-alpha-2, 2.6.0-alpha-3, 2.6.0-alpha-4, 3.0.0, 3.0.0-alpha-1, 3.0.0-alpha-2, 3.0.0-alpha-3, 3.0.0-alpha-4, 3.0.0-beta-1, 3.0.0-beta-2, 3.0.0-beta-3, 3.0.0-rc-1, 3.0.0-rc-2, 3.0.0-rc-3, 3.0.1

      Vulnerable Library Version: org.apache.hive : hive-metastore : 1.2.1
      CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
      Import Path: flink/pom.xml
      Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2

      Vulnerable Library Version: org.postgresql : postgresql : 9.4-1201-jdbc41
      CVE ID: [CVE-2018-10936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10936)
      Import Path: jdbc/pom.xml
      Suggested Safe Versions: 42.2.10, 42.2.10.jre6, 42.2.10.jre7, 42.2.5, 42.2.5.jre6, 42.2.5.jre7, 42.2.6, 42.2.6.jre6, 42.2.6.jre7, 42.2.7, 42.2.7.jre6, 42.2.7.jre7, 42.2.8, 42.2.8.jre6, 42.2.8.jre7, 42.2.9, 42.2.9.jre6, 42.2.9.jre7

      Vulnerable Library Version: org.apache.jackrabbit : jackrabbit-webdav : 1.5.2
      CVE ID: [CVE-2015-1833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1833)
      Import Path: zeppelin-zengine/pom.xml
      Suggested Safe Versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.5, 2.1.6, 2.10.4, 2.10.5, 2.10.6, 2.10.7, 2.10.8, 2.10.9, 2.11.0, 2.11.1, 2.11.2, 2.11.3, 2.12.10, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 2.12.8, 2.12.9, 2.13.3, 2.13.4, 2.13.5, 2.13.6, 2.13.7, 2.14.0, 2.14.1, 2.14.2, 2.14.3, 2.14.4, 2.14.5, 2.14.6, 2.14.7, 2.14.8, 2.15.0, 2.15.1, 2.15.2, 2.15.3, 2.15.4, 2.15.5, 2.15.6, 2.15.7, 2.15.8, 2.16.0, 2.16.1, 2.16.2, 2.16.3, 2.16.4, 2.16.5, 2.17.0, 2.17.1, 2.17.2, 2.17.3, 2.17.4, 2.17.5, 2.17.6, 2.17.7, 2.18.0, 2.18.1, 2.18.2, 2.18.3, 2.18.4, 2.19.0, 2.19.1, 2.19.2, 2.19.3, 2.19.4, 2.19.5, 2.19.6, 2.20.0, 2.21.0, 2.3.0, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.6, 2.4.7, 2.4.8, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.6.10, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.8.10, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.9.0, 2.9.1

      Vulnerable Library Version: org.scala-lang : scala-compiler : 2.10.5
      CVE ID: [CVE-2017-15288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15288)
      Import Path: scalding/pom.xml, zeppelin-server/pom.xml, spark/interpreter/pom.xml, spark/scala-2.10/pom.xml, cassandra/pom.xml, scio/pom.xml
      Suggested Safe Versions: 2.10.7, 2.11.12, 2.12.10, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 2.12.8, 2.12.9, 2.13.0, 2.13.0-M1, 2.13.0-M2, 2.13.0-M3, 2.13.0-M3-f73b161, 2.13.0-M4, 2.13.0-M4-pre-20d3c21, 2.13.0-M5, 2.13.0-M5-1775dba, 2.13.0-M5-5eef812, 2.13.0-M5-6e0cba7, 2.13.0-RC1, 2.13.0-RC2, 2.13.0-RC3, 2.13.1

      Vulnerable Library Version: org.scala-lang : scala-compiler : 2.11.8
      CVE ID: [CVE-2017-15288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15288)
      Import Path: scalding/pom.xml, ignite/pom.xml, cassandra/pom.xml
      Suggested Safe Versions: 2.11.12, 2.12.10, 2.12.4, 2.12.5, 2.12.6, 2.12.7, 2.12.8, 2.12.9, 2.13.0, 2.13.0-M1, 2.13.0-M2, 2.13.0-M3, 2.13.0-M3-f73b161, 2.13.0-M4, 2.13.0-M4-pre-20d3c21, 2.13.0-M5, 2.13.0-M5-1775dba, 2.13.0-M5-5eef812, 2.13.0-M5-6e0cba7, 2.13.0-RC1, 2.13.0-RC2, 2.13.0-RC3, 2.13.1

      Vulnerable Library Version: org.apache.lucene : lucene-queryparser : 5.3.1
      CVE ID: [CVE-2017-12629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12629)
      Import Path: zeppelin-zengine/pom.xml
      Suggested Safe Versions: 5.5.5, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1

      Vulnerable Library Version: com.h2database : h2 : 1.4.190
      CVE ID: [CVE-2018-10054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10054), [CVE-2018-14335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14335)
      Import Path: jdbc/pom.xml
      Suggested Safe Versions: 1.4.198, 1.4.199, 1.4.200

      Vulnerable Library Version: org.apache.hive : hive-exec : 1.2.1
      CVE ID: [CVE-2018-11777](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11777), [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521), [CVE-2018-1314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1314)
      Import Path: flink/pom.xml
      Suggested Safe Versions: 2.3.4, 2.3.5, 2.3.6, 3.1.1, 3.1.2

      Vulnerable Library Version: org.springframework : spring-web : 4.3.0.RELEASE
      CVE ID: [CVE-2018-15756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15756), [CVE-2018-11039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11039)
      Import Path: livy/pom.xml
      Suggested Safe Versions: 4.3.20.RELEASE, 4.3.21.RELEASE, 4.3.22.RELEASE, 4.3.23.RELEASE, 4.3.24.RELEASE, 4.3.25.RELEASE, 4.3.26.RELEASE, 5.0.16.RELEASE, 5.1.13.RELEASE, 5.2.3.RELEASE

      Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 3.0.0
      CVE ID: [CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
      Import Path: zeppelin-zengine/pom.xml
      Suggested Safe Versions: 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.3.0
      CVE ID: [CVE-2016-5001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5001), [CVE-2014-0229](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0229), [CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768), [CVE-2017-3162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3162)
      Import Path: beam/pom.xml
      Suggested Safe Versions: 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 3.1.1
      CVE ID: [CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
      Import Path: zeppelin-interpreter-integration/pom.xml
      Suggested Safe Versions: 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.6.0
      CVE ID: [CVE-2016-5001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5001), [CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768), [CVE-2017-3162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3162)
      Import Path: livy/pom.xml, livy/pom.xml
      Suggested Safe Versions: 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.7.3
      CVE ID: [CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
      Import Path: zeppelin-zengine/pom.xml, zeppelin-interpreter-integration/pom.xml, submarine/pom.xml
      Suggested Safe Versions: 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: commons-httpclient : commons-httpclient : 3.1
      CVE ID: [CVE-2014-3577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577), [CVE-2012-5783](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783), [CVE-2012-6153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153)
      Import Path: zeppelin-interpreter/pom.xml
      Suggested Safe Versions: 3.0alpha2

      Vulnerable Library Version: org.apache.lucene : lucene-core : 5.3.1
      CVE ID: [CVE-2017-3163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3163)
      Import Path: zeppelin-zengine/pom.xml
      Suggested Safe Versions: 6.4.1, 6.4.2, 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.1.0, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.7.0, 7.7.1, 7.7.2, 8.0.0, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1

      Vulnerable Library Version: org.apache.hbase : hbase-client : 1.0.0
      CVE ID: [CVE-2015-1836](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1836)
      Import Path: hbase/pom.xml
      Suggested Safe Versions: 1.0.1.1, 1.0.2, 1.0.3, 1.1.0.1, 1.1.1, 1.1.10, 1.1.11, 1.1.12, 1.1.13, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.2.0, 1.2.1, 1.2.10, 1.2.11, 1.2.12, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.6.1, 1.2.7, 1.2.8, 1.2.9, 1.3.0, 1.3.1, 1.3.2, 1.3.2.1, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.4.0, 1.4.1, 1.4.10, 1.4.11, 1.4.12, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.5.0, 2.0.0, 2.0.0-alpha-1, 2.0.0-alpha2, 2.0.0-alpha3, 2.0.0-alpha4, 2.0.0-beta-1, 2.0.0-beta-2, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.2.0, 2.2.1, 2.2.2, 2.2.3

      Vulnerable Library Version: org.apache.hadoop : hadoop-mapreduce-client-core : 2.3.0
      CVE ID: [CVE-2017-3166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3166)
      Import Path: beam/pom.xml
      Suggested Safe Versions: 2.10.0, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.9.0, 2.9.1, 2.9.2, 3.0.0-alpha4, 3.0.0-beta1, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1

      Vulnerable Library Version: org.apache.commons : commons-compress : 1.14
      CVE ID: [CVE-2018-1324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1324), [CVE-2018-11771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11771)
      Import Path: zeppelin-plugins/launcher/docker/pom.xml
      Suggested Safe Versions: 1.19, 1.20

      Vulnerable Library Version: org.apache.commons : commons-compress : 1.9
      CVE ID: [CVE-2018-11771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11771)
      Import Path: spark/interpreter/pom.xml
      Suggested Safe Versions: 1.19, 1.20

      Vulnerable Library Version: com.nimbusds : nimbus-jose-jwt : 4.41.2
      CVE ID: [CVE-2019-17195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17195)
      Import Path: zeppelin-server/pom.xml
      Suggested Safe Versions: 7.8.1, 7.9, 8.0, 8.1, 8.2, 8.2.1, 8.3, 8.4, 8.4.1, 8.5, 8.5.1, 8.6, 8.7

      Vulnerable Library Version: org.apache.hive : hive-contrib : 1.2.1
      CVE ID: [CVE-2015-7521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521)
      Import Path: flink/pom.xml
      Suggested Safe Versions: 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 3.0.0, 3.1.0, 3.1.1, 3.1.2

      Attachments

        1. upgrade commons-compress and commons-io due to CVEs (Sub-task, Resolved, Unassigned; 100%; Original Estimate: Not Specified; Time Spent: 1h)
        2. upgrade bouncycastle due to cve (Sub-task, Open, Unassigned; 100%; Original Estimate: Not Specified; Time Spent: 0.5h)
        3. upgrade shiro (Sub-task, Open, Unassigned; 100%; Original Estimate: Not Specified; Time Spent: 3h 10m)
        4. upgrade jinjava due to cves (Sub-task, Resolved, Unassigned; 100%; Original Estimate: Not Specified; Time Spent: 1h 10m)
        5. upgrade geode-core due to cve (Sub-task, Resolved, Unassigned; 100%; Original Estimate: Not Specified; Time Spent: 10m)

        Activity

          People

            Unassigned Unassigned
            XuCY XuCongying
            Votes: 0
            Watchers: 2

            Dates

              Created:
              Updated:

              Time Tracking

                Estimated: Not Specified
                Remaining: 0h
                Logged: 7.5h