Bringing together the Apache Cassandra experts from the community and DataStax.

Want to learn? Have a question? Want to share your expertise? You are in the right place!

Not sure where to begin? Getting Started

 

question

ortizfabio_185816 avatar image
ortizfabio_185816 asked Erick Ramirez edited

commons-utils v1.9.3 in spark-cassandra-connector v2.0.12 is vulnerable to CVE-2014-0114

This version of the connector is using commons-beanutils:commons-beanutils:1.9.3 which has a documented vulnerability: SNYK-JAVA-COMMONSBEANUTILS-460111. In our organization every artifact is checked against this type of vulnerabilities therefore I am unable to use the latest version. Could you create a version that is free of vulnerabilites?


spark-cassandra-connectorcve
10 |1000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

Erick Ramirez avatar image
Erick Ramirez answered

@ortizfabio_185816 Thanks for bringing to this to our attention. As per the instructions on GitHub (https://github.com/datastax/spark-cassandra-connector#reporting-bugs), I've logged SPARKC-569 to have the issue assessed and addressed. Cheers!

Share
10 |1000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.