Your project uses some dependencies with CVEs. I found that the buggy methods of the CVEs are in the program execution path of your project, which puts your project at risk. I have suggested some version updates. Details are listed below:

Vulnerable Dependency: org.apache.hadoop : hadoop-common : 2.6.3

Call Chain to Buggy Methods:

Some files in your project call the library method org.apache.hadoop.fs.Path.getFileSystem(org.apache.hadoop.conf.Configuration), which can reach the buggy method of CVE-2017-15713.
Files in your project: src/main/java/org/dataalgorithms/chap29/combinesmallfilesbyhadoop/CustomRecordReader.java, src/main/java/org/dataalgorithms/chap24/mapreduce/FastaRecordReader.java, src/main/java/org/dataalgorithms/chap24/mapreduce/FastaInputFormat.java
One of the possible call chains:

Some files in your project call the library method org.apache.hadoop.conf.Configuration.getInt(java.lang.String,int), which can reach the buggy method of CVE-2017-15713.
Files in your project: src/main/java/org/dataalgorithms/chap05/mapreduce/RelativeFrequencyMapper.java (the rest of the 21 files are hidden)
One of the possible call chains:

Some files in your project call the library method org.apache.hadoop.io.IOUtils.copyBytes(java.io.InputStream,java.io.OutputStream,org.apache.hadoop.conf.Configuration,boolean), which can reach the buggy method of CVE-2017-15713.
Files in your project: src/main/java/org/dataalgorithms/chap29/combinesmallfilesbybuckets/BucketThread.java
One of the possible call chains:

Some files in your project call the library method org.apache.hadoop.io.SequenceFile.createWriter(org.apache.hadoop.fs.FileSystem,org.apache.hadoop.conf.Configuration,org.apache.hadoop.fs.Path,java.lang.Class,java.lang.Class), which can reach the buggy method of CVE-2017-15713.
Files in your project: src/main/java/org/dataalgorithms/util/SequenceFileWriterDemo.java, src/main/java/org/dataalgorithms/chap03/mapreduce/SequenceFileWriterForTopN.java
One of the possible call chains:

Update suggestion: version 3.2.1
3.2.1 is a safe version without CVEs. From 2.6.3 to 3.2.1, 17 of the APIs (called 84 times in your project) were modified.