[jira] [Commented] (AVRO-3151) Black Duck SEV-4 issue "Improper Check for Unusual or Exceptional Conditions" for Apache Avro 1.10.2

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (AVRO-3151) Black Duck SEV-4 issue "Improper Check for Unusual or Exceptional Conditions" for Apache Avro 1.10.2

Dave Cole (Jira)

    [ https://issues.apache.org/jira/browse/AVRO-3151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17352307#comment-17352307 ]

Peter Rozovski commented on AVRO-3151:
--------------------------------------

I looked more and found similar defect, fixed in 1.11.0 :
 # Apache Avro
 # AVRO-3111

h1. Update Hadoop versions to prevent false-positive security reports
 
 

> Black Duck SEV-4 issue "Improper Check for Unusual or Exceptional Conditions" for Apache Avro 1.10.2
> -----------------------------------------------------------------------------------------------------
>
>                 Key: AVRO-3151
>                 URL: https://issues.apache.org/jira/browse/AVRO-3151
>             Project: Apache Avro
>          Issue Type: Bug
>          Components: java
>    Affects Versions: 1.10.2
>            Reporter: Peter Rozovski
>            Priority: Major
>
> Black Duck scan identifies SEV-4 vulnerability for Apache Avro 1.10.2 
>  Component Apache Avro_1.10.2 is vulnerable to Improper Check for Unusual or Exceptional Conditions
>  
> Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)