[HBASE-28067] Hbase 2.4.13 vulnerable to CVE-2022-26612 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 2.4.13
Fix Version/s: None
Component/s: Client
Labels:
None

Hadoop Flags:

Incompatible change

Description

hbase 2.4.13 uses hadoop-common-2.10.0.jar which is vulnerable to CVE-2022-26612.

when replaced hadoop-common-2.10.0.jar with 3.2.3, getting version incompatible issue and as result hbase shell command failed.

is there any hbase version which is compatible with hadoop-common 3.2.3 or above?

or is there any hbase version available where the above CVE addressed?

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: kaushik mandal

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 07/Sep/23 13:26

Updated:: 07/Sep/23 13:26