Uploaded image for project: 'Beam'
  1. Beam
  2. BEAM-14227

CVE-2022-22965 vulnerability found in java-io-kafka component

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • P1
    • Resolution: Fixed
    • 2.37.0
    • 2.39.0
    • io-java-kafka
    • None

    Description

      The beam sdk java io kafka uses 

      org.springframework:spring-expression:4.3.18.RELEASE

      which has a transitive dependency of 

      org.springframework:spring-core:4.3.18.RELEASE

      which is affected by the CVE-2022-22965 vulnerability.

       

      References

      https://mvnrepository.com/artifact/org.springframework/spring-expression/4.3.18.RELEASE

      Attachments

        Issue Links

          is duplicated by

          Task - A task that needs to be done. BEAM-14256 Upgrade spring expression dependency

          • P2 - Default priority. Will be triaged and planned according to community practices.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              balabarath bala barath
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: