  1. Hadoop Common
  2. HADOOP-18069

CVE-2021-0341 in okhttp@2.7.5 detected in hdfs-client


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 3.3.1
    • None
    • hdfs-client

    Description

      Our static vulnerability scanner (Fortify On Demand) detected NVD - CVE-2021-0341 (nist.gov) in our application. We traced the vulnerability to a transitive dependency coming from hadoop-hdfs-client, which depends on okhttp@2.7.5 (hadoop/pom.xml at trunk · apache/hadoop (github.com)). To resolve this issue, okhttp should be upgraded to 4.9.2+ (ref: CVE-2021-0341 · Issue #6724 · square/okhttp (github.com)).
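An added example, not part of the original issue or of the Hadoop code base: one way to confirm the trace described above is to scan `mvn dependency:tree` output for okhttp artifacts older than the version the issue asks for, and report the path that pulls each one in. The sample tree is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `mvn dependency:tree` output (not taken from the issue).
SAMPLE_TREE = """\
[INFO] com.example:app:jar:1.0.0
[INFO] +- org.apache.hadoop:hadoop-hdfs-client:jar:3.3.1:compile
[INFO] |  +- com.squareup.okhttp:okhttp:jar:2.7.5:compile
[INFO] |  |  \\- com.squareup.okio:okio:jar:1.6.0:compile
[INFO] |  \\- com.example:other-lib:jar:1.2.3:compile
[INFO] \\- com.squareup.okhttp3:okhttp:jar:4.9.3:compile
"""

FIXED = (4, 9, 2)  # version the issue says to upgrade to
OKHTTP_GROUPS = {"com.squareup.okhttp", "com.squareup.okhttp3"}  # 2.x and 3.x+ coordinates
NODE = re.compile(r"^\[INFO\] ((?:[|+\\ ][ -]{2})*)(\S+)$")


def parse_version(text):
    """Leading numeric components of a version, e.g. '4.9.2-RC1' -> (4, 9, 2)."""
    parts = []
    for piece in re.split(r"[.\-]", text):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def find_old_okhttp(tree_text):
    """Return (version, dependency path) for each okhttp older than FIXED."""
    findings, stack = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue
        depth = len(m.group(1)) // 3          # each tree level is 3 characters wide
        fields = m.group(2).split(":")
        if len(fields) < 4:
            continue
        group, artifact = fields[0], fields[1]
        # group:artifact:type:version[:scope], or with a classifier before version
        version = fields[3] if len(fields) <= 5 else fields[4]
        del stack[depth:]
        stack.append(f"{group}:{artifact}:{version}")
        if group in OKHTTP_GROUPS and artifact == "okhttp" and parse_version(version) < FIXED:
            findings.append((version, list(stack)))
    return findings
```

Because okhttp 2.x and later major versions are published under different group IDs, the check matches both coordinates rather than a single `groupId:artifactId` pair.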

            People

              groot Ashutosh Gupta
              ess-truveta Eugene Shinn (Truveta)

                Time Tracking

                  Original Estimate - Not Specified
                  Remaining Estimate - 0h
                  Time Spent - 6h 10m