You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
Your project uses some dependencies with CVEs. I found that the buggy methods of the CVEs are in the program execution path of your project, which makes your project at risk. I have suggested some version updates. See below for more details:
File src/kundera-hbase/kundera-hbase/src/main/java/com/impetus/client/hbase/admin/HBaseDataHandler.java in your project call some library methods, which can reach the buggy method of CVE-2015-1836. The following is the called library methods and their call chains to buggy method.
One of the possible call chain of library method org.apache.hadoop.hbase.client.HBaseAdmin.enableTable(java.lang.String):
org.apache.hadoop.hbase.client.HBaseAdmin.enableTable(java.lang.String)
org.apache.hadoop.hbase.client.HBaseAdmin.enableTable(org.apache.hadoop.hbase.TableName)
...
(12 methods in call chain are hidden)
...
org.apache.hadoop.hbase.zookeeper.ZKUtil.isSecureZooKeeper(org.apache.hadoop.conf.Configuration) [buggy method]
One of the possible call chain of library method org.apache.hadoop.hbase.client.HBaseAdmin.createTable(org.apache.hadoop.hbase.HTableDescriptor):
org.apache.hadoop.hbase.client.HBaseAdmin.createTable(org.apache.hadoop.hbase.HTableDescriptor)
org.apache.hadoop.hbase.client.HBaseAdmin.createTable(org.apache.hadoop.hbase.HTableDescriptor,byte[][])
...
(12 methods in call chain are hidden)
... org.apache.hadoop.hbase.zookeeper.ZKUtil.isSecureZooKeeper(org.apache.hadoop.conf.Configuration) [buggy method]
One of the possible call chain of library method org.apache.hadoop.hbase.client.HBaseAdmin.isTableEnabled(java.lang.String):
org.apache.hadoop.hbase.client.HBaseAdmin.isTableEnabled(java.lang.String)
org.apache.hadoop.hbase.client.HBaseAdmin.isTableEnabled(org.apache.hadoop.hbase.TableName)
...
(12 methods in call chain are hidden)
...
org.apache.hadoop.hbase.zookeeper.ZKUtil.isSecureZooKeeper(org.apache.hadoop.conf.Configuration) [buggy method]
One of the possible call chain of library method org.apache.hadoop.hbase.client.HBaseAdmin.disableTable(java.lang.String):
org.apache.hadoop.hbase.client.HBaseAdmin.disableTable(java.lang.String)
org.apache.hadoop.hbase.client.HBaseAdmin.disableTable(org.apache.hadoop.hbase.TableName)
...
(12 methods in call chain are hidden)
...
org.apache.hadoop.hbase.zookeeper.ZKUtil.isSecureZooKeeper(org.apache.hadoop.conf.Configuration) [buggy method]
One of the possible call chain of library method org.apache.hadoop.hbase.client.HBaseAdmin.tableExists(byte[]):
org.apache.hadoop.hbase.client.HBaseAdmin.tableExists(byte[])
org.apache.hadoop.hbase.client.HBaseAdmin.tableExists(org.apache.hadoop.hbase.TableName)
...
(10 methods in call chain are hidden)
...
org.apache.hadoop.hbase.zookeeper.ZKUtil.isSecureZooKeeper(org.apache.hadoop.conf.Configuration) [buggy method]
One of the possible call chain of library method org.apache.hadoop.hbase.client.HBaseAdmin.tableExists(java.lang.String):
org.apache.hadoop.hbase.client.HBaseAdmin.tableExists(java.lang.String)
org.apache.hadoop.hbase.client.HBaseAdmin.tableExists(org.apache.hadoop.hbase.TableName)
...
(10 methods in call chain are hidden)
...
org.apache.hadoop.hbase.zookeeper.ZKUtil.isSecureZooKeeper(org.apache.hadoop.conf.Configuration) [buggy method]
Update suggestion: version 0.99.0
0.99.0 is a safe version without CVEs. From 0.96.1.1-hadoop2 to 0.99.0, 14 of the APIs (called by 45 times in your project) were modified.
The text was updated successfully, but these errors were encountered:
Hello,
Your project uses some dependencies with CVEs. I found that the buggy methods of the CVEs are in the program execution path of your project, which makes your project at risk. I have suggested some version updates. See below for more details:
Vulnerable Dependency: org.apache.hbase : hbase-client : 0.96.1.1-hadoop2
Call Chain to Buggy Methods:
File src/kundera-hbase/kundera-hbase/src/main/java/com/impetus/client/hbase/admin/HBaseDataHandler.java in your project call some library methods, which can reach the buggy method of CVE-2015-1836. The following is the called library methods and their call chains to buggy method.
Update suggestion: version 0.99.0
0.99.0 is a safe version without CVEs. From 0.96.1.1-hadoop2 to 0.99.0, 14 of the APIs (called by 45 times in your project) were modified.
The text was updated successfully, but these errors were encountered: