Security vulnerability while provisioning pinot version 0.9.1 #7900

imvankit · 2021-12-14T20:51:32Z

Hi Team,
Hope you are doing well. We are trying to provision (download binaries) of pinot version 0.9.1 but this latest version is being highlighted for security vulnerabilities mentioned below.

Security Vulnerabilities:

org.webjars swaggar-ui:3.18.1
org.apache.pinot:pinot-azure:0.9.1
org.apache.pinot:pinot-distribution:0.9.1

Helpful links:
https://nvd.nist.gov/vuln/detail/CVE-2019-17495

Note
Please confirm if Patch #7814 will be available as a part of 0.9.1 pinot

npawar mentioned this issue Dec 14, 2021

Bump up swagger-ui version #7901

Closed

xiangfu0 linked a pull request Dec 14, 2021 that will close this issue

Upgrade swagger-ui version to 3.23.11 for CVE-2019-17495 #7902

Merged

3 tasks

xiangfu0 closed this as completed in #7902 Dec 14, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security vulnerability while provisioning pinot version 0.9.1 #7900

Security vulnerability while provisioning pinot version 0.9.1 #7900

imvankit commented Dec 14, 2021

Security vulnerability while provisioning pinot version 0.9.1 #7900

Security vulnerability while provisioning pinot version 0.9.1 #7900

Comments

imvankit commented Dec 14, 2021