[HBASE-28099] protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 is vulnerable to CVE-2022-3509 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 2.4.13
Fix Version/s: None
Component/s: hadoop2
Labels:
None

Description

protobuf-java 3.23.2 causing increasing disk usage. Because of this we are not in position to upgrade protobuf to latest version.

we are currently using hbase 2.4.13 which uses protobuf version older than 3.23.2 which is vulnerable to cve.

is there any latest hbase and hadoop version available which is using protobuf version 3.23.2?

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: kaushik mandal

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Sep/23 04:57

Updated:: 20/Sep/23 06:35