search

billmcchesney1 / hadoop

Mirror of Apache Hadoop
Apache License 2.0
0 stars 0 forks source link

CVE-2023-34610 (High) detected in json-io-2.5.1.jar - autoclosed #308

Closed mend-for-github-com[bot] closed 3 weeks ago

mend-for-github-com[bot] commented 11 months ago

CVE-2023-34610 - High Severity Vulnerability

Vulnerable Library - json-io-2.5.1.jar

Java JSON serialization

Library home page: https://github.com/jdereg/json-io

Path to vulnerable library: /hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice-hbase/hadoop-yarn-server-timelineservice-hbase-client/target/lib/json-io-2.5.1.jar

Dependency Hierarchy: - :x: **json-io-2.5.1.jar** (Vulnerable Library)

Found in base branch: trunk

Vulnerability Details

An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

Publish Date: 2023-06-14

URL: CVE-2023-34610

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

mend-for-github-com[bot] commented 3 weeks ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.