[ https://issues.apache.org/jira/browse/HIVE-27845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
tanishqchugh updated HIVE-27845: -------------------------------- Labels: pull_request_available (was: pull-request-available) > Upgrade protobuf to 3.24.4 to fix CVEs > -------------------------------------- > > Key: HIVE-27845 > URL: https://issues.apache.org/jira/browse/HIVE-27845 > Project: Hive > Issue Type: Improvement > Reporter: Akshat Mathur > Assignee: tanishqchugh > Priority: Major > Labels: pull_request_available > > Current protobuf-java(3.21.3) has the following CVE > Direct vulnerabilities: > [CVE-2022-3510|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510] > [CVE-2022-3509|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509] > [CVE-2022-3171|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171] > Vulnerabilities from dependencies: > [CVE-2023-2976|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976] > [CVE-2020-8908|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908] -- This message was sent by Atlassian Jira (v8.20.10#820010)