commons-utils v1.9.3 in spark-cassandra-connector v2.0.12 is vulnerable to CVE-2014-0114

Question

question

ortizfabio_185816 asked Feb 24, '20 Erick Ramirez edited Mar 9, '22

commons-utils v1.9.3 in spark-cassandra-connector v2.0.12 is vulnerable to CVE-2014-0114

This version of the connector is using commons-beanutils:commons-beanutils:1.9.3 which has a documented vulnerability: SNYK-JAVA-COMMONSBEANUTILS-460111. In our organization every artifact is checked against this type of vulnerabilities therefore I am unable to use the latest version. Could you create a version that is free of vulnerabilites?

spark-cassandra-connector cve

10 |1000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

DataStax Enterprise is powered by the best distribution of Apache Cassandra ™

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.

Privacy Policy Terms of Use

Answer 1 · 2020-02-25T00:51:44Z

Erick Ramirez answered Feb 25, '20

@ortizfabio_185816 Thanks for bringing to this to our attention. As per the instructions on GitHub (https://github.com/datastax/spark-cassandra-connector#reporting-bugs), I've logged SPARKC-569 to have the issue assessed and addressed. Cheers!

Share

10 |1000

Attachments: Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

question