Open trend-greta-pan opened 3 months ago
Hi @trend-greta-pan. I see that CVE-2019-10172 is related to org.codehaus.jackson:jackson-mapper-asl:1.9.x, which is not delivered in the artifact you linked (or any es-hadoop artifact that I'm aware of). Was that the correct CVE?
Issue description
Scan the jar built from the latest release 8.12.2 and the latest release for Scala 2.12, 8.9.1; find CVE-2019-10172.
Jar location: https://mvnrepository.com/artifact/org.elasticsearch/elasticsearch-spark-30_2.12
Steps to reproduce
Code:
Stack trace: NA, Black Duck scan result
Version Info
OS:
JVM:
Hadoop/Spark:
ES-Hadoop: elasticsearch-spark-30_2.12-8.9.1.jar, elasticsearch-spark-30_2.13-8.12.2.jar
ES:
Feature description