Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-28065

Upgrade Bouncy castle to bcprov-jdk18on 1.77

Log workAgile BoardRank to TopRank to BottomBulk Copy AttachmentsBulk Move AttachmentsVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 4.0.0
    • None

    Description

      For Bouncy Castle for java before 1.74(excluding), it was discovered that there was a potential LDAP injection. During the certificate validation process, bouncycastle used the certificate's "Subject Name" into an LDAP search filter without any escaping.

      https://nvd.nist.gov/vuln/detail/CVE-2023-33201

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            araika Araika Singh Assign to me
            araika Araika Singh
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment