Vulnerabilities in Apache Commons IO 2.5 used by Hadoop in Jet
olukas opened this issue · 0 comments
olukas commented
Jet uses org.apache.hadoop:hadoop-client which uses commons-io:commons-io in version 2.5 which includes following vulnerability:
- CVE-2021-29425 - https://nvd.nist.gov/vuln/detail/CVE-2021-29425 (it should be fixed in version 2.7 - however is seems to currently be in
UNDERGOING REANALYSISstate in that version)