๐ CVE-2024-25638: dnsjava:dnsjava:jar:3.4.0:compile
Closed this issue ยท 1 comments
github-actions commented
Summary
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
CVE: CVE-2024-25638
CWE: CWE-345
References
ckunki commented
Requires update of com.exasol:parquet-io-java
and then com.exasol:virtual-schema-common-document-files
.
com.exasol:azure-data-lake-storage-gen2-document-files-virtual-schema:jar:2.1.0
\- com.exasol:virtual-schema-common-document-files:jar:8.1.0:compile
\- com.exasol:parquet-io-java:jar:2.0.9:compile
\- org.apache.hadoop:hadoop-client:jar:3.4.0:compile
\- org.apache.hadoop:hadoop-common:jar:3.4.0:compile
\- dnsjava:dnsjava:jar:3.4.0:compile
dnsjava version 3.6.0 is already available without any security issues reported, yet.