We have found security vulnerabilities during the security scan for the December release in the AEP jars ecosystem-examples-1.1.8.jar and example-parquetIO-1.1.8.jar.
Vulnerable version: 4.1.63.Final of Netty Project - Best Recommended Version: 4.1.70.Final
Paths:
· package/connectors/ctk/604301/ecosystem-examples-1.1.8.jar!//io/netty/util/
· package/connectors/ctk/604301/ecosystem-examples-1.1.8.jar!//io/netty/handler/timeout/
· package/connectors/ctk/604301/ecosystem-examples-1.1.8.jar!//io/netty/handler/pcap/
· package/connectors/ctk/604301/example-parquetIO-1.1.8.jar!//io/netty/channel/epoll/
· package/connectors/ctk/604301/example-parquetIO-1.1.8.jar!//io/netty/channel/socket/
· package/connectors/ctk/604301/ecosystem-examples-1.1.8.jar!//io/netty/channel/nio/
List of CVEs:
· CVE-2021-37136 (BDSA-2021-2832)
· CVE-2021-37137 (BDSA-2021-2831)
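
One way to confirm a finding like this directly against a jar, as an added example that is not part of the original report or of the project's code: list the bundled `io/netty/` packages and compare the bundled Netty version with the recommended 4.1.70.Final. It assumes the Netty classes sit unrelocated under `io/netty/` (as in the paths above) and that the jar kept Netty's `META-INF/io.netty.versions.properties` metadata; the function names and the sample jar are constructed for illustration.

```python
import io
import re
import zipfile

RECOMMENDED = (4, 1, 70)  # 4.1.70.Final, the version the report recommends
VERSIONS_FILE = "META-INF/io.netty.versions.properties"  # assumed present in the jar

def parse_version(text):
    """'4.1.63.Final' -> (4, 1, 63); None if the string is not x.y.z."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def bundled_netty(jar):
    """Return (io/netty/ class directories, {artifact: version} from metadata)."""
    packages, versions = set(), {}
    with zipfile.ZipFile(jar) as zf:
        names = zf.namelist()
        for name in names:
            if name.startswith("io/netty/") and name.endswith(".class"):
                packages.add(name.rsplit("/", 1)[0] + "/")
        if VERSIONS_FILE in names:
            for line in zf.read(VERSIONS_FILE).decode("utf-8", "replace").splitlines():
                key, _, value = line.partition("=")
                if key.strip().endswith(".version"):
                    versions[key.strip()[:-len(".version")]] = value.strip()
    return sorted(packages), versions

def assess(jar):
    """'absent', 'unknown' (classes without usable metadata), 'below' or 'ok'."""
    packages, versions = bundled_netty(jar)
    if not packages:
        return "absent"
    parsed = [parse_version(v) for v in versions.values()]
    if not parsed or None in parsed:
        return "unknown"
    return "below" if min(parsed) < RECOMMENDED else "ok"

def make_jar(entries):
    """Build a constructed in-memory jar (sample input, not a real artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf

if __name__ == "__main__":
    sample = make_jar({"io/netty/util/Version.class": b"",
                       VERSIONS_FILE: "netty-common.version=4.1.63.Final\n"})
    print(assess(sample))
```

`assess` also accepts a file path, so it can be pointed at each jar in a release package; an `unknown` result means Netty classes are present but the version has to be established another way.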