[ 
https://issues.apache.org/jira/browse/HIVE-27845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

tanishqchugh updated HIVE-27845:
--------------------------------
    Labels: pull_request_available  (was: pull-request-available)

> Upgrade protobuf to 3.24.4 to fix CVEs
> --------------------------------------
>
>                 Key: HIVE-27845
>                 URL: https://issues.apache.org/jira/browse/HIVE-27845
>             Project: Hive
>          Issue Type: Improvement
>            Reporter: Akshat Mathur
>            Assignee: tanishqchugh
>            Priority: Major
>              Labels: pull_request_available
>
> Current protobuf-java(3.21.3) has the following CVE
> Direct vulnerabilities:
> [CVE-2022-3510|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3510]
> [CVE-2022-3509|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3509]
> [CVE-2022-3171|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171]
> Vulnerabilities from dependencies:
> [CVE-2023-2976|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976]
> [CVE-2020-8908|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to