Security vulnerabilities of dependencies in Flink 1.11.1
Posted by shravan
URL: http://deprecated-apache-flink-user-mailing-list-archive.369.s1.nabble.com/Security-vulnerabilities-of-dependencies-in-Flink-1-11-1-tp37829.html
issues.docx <http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/file/t2439/issues.docx>
Hello,
We are using Apache Flink version 1.11.1 and our security scans report the
following issues.
Please let us know your comments on these security vulnerabilities and fix
plans for them.
PFA a Word document with details regarding the CVE numbers and their
severity.
Issues in a nutshell:
1. Flink-shaded-netty has netty 4.1.39, which is vulnerable
2. Flink-shaded-jackson has snakeyaml 1.24, which is vulnerable
3. Flink-table has a vulnerable version of Jackson-databind in the table APIs
Looking forward to a response.
Thanks,
Shravan