This version of the connector is using commons-beanutils:commons-beanutils:1.9.3 which has a documented vulnerability: SNYK-JAVA-COMMONSBEANUTILS-460111. In our organization every artifact is checked against this type of vulnerabilities therefore I am unable to use the latest version. Could you create a version that is free of vulnerabilites?
Bringing together the Apache Cassandra experts from the community and DataStax.
Want to learn? Have a question? Want to share your expertise? You are in the right place!
Not sure where to begin? Getting Started
commons-utils v1.9.3 in spark-cassandra-connector v2.0.12 is vulnerable to CVE-2014-0114
@ortizfabio_185816 Thanks for bringing to this to our attention. As per the instructions on GitHub (https://github.com/datastax/spark-cassandra-connector#reporting-bugs), I've logged SPARKC-569 to have the issue assessed and addressed. Cheers!
5 People are following this question.
