Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix protobuf vulnerability CVE-2024-7254, SNYK-JAVA-COMGOOGLEPROTOBUF-8055227, SNYK-JAVA-COMGOOGLEPROTOBUF-8055228 #16423

Open
valenad1 opened this issue Oct 15, 2024 · 0 comments · Fixed by #16426, #16436 or #16428
Open

Fix protobuf vulnerability CVE-2024-7254, SNYK-JAVA-COMGOOGLEPROTOBUF-8055227, SNYK-JAVA-COMGOOGLEPROTOBUF-8055228 #16423

valenad1 opened this issue Oct 15, 2024 · 0 comments · Fixed by #16426, #16436 or #16428
Assignees
@valenad1
Labels
Security Vulnerability
Milestone
3.46.0.7

Comments

@valenad1
Copy link
Collaborator

valenad1 commented Oct 15, 2024
edited
Loading

Stack-based Buffer Overflow [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055227] in com.google.protobuf:[email protected]
introduced by unknown:/opt/.venv/lib/python3.12/site-packages/h2o/backend/bin/h2o.jar@unknown > com.google.protobuf:[email protected]
This issue was fixed in versions: 3.25.5, 4.27.5, 4.28.2

Stack-based Buffer Overflow [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-8055228] in com.google.protobuf:[email protected] introduced by unknown:/opt/.venv/lib/python3.12/site-packages/h2o/backend/bin/h2o.jar@unknown > com.google.protobuf:[email protected]
This issue was fixed in versions: 3.25.5, 4.27.5, 4.28.2
@valenad1 valenad1 added this to the 3.46.0.6 milestone Oct 15, 2024
@valenad1 valenad1 self-assigned this Oct 15, 2024
@valenad1 valenad1 changed the title Fix protobuf vulnerability CVE-2024-7254 Fix protobuf vulnerability CVE-2024-7254, SNYK-JAVA-COMGOOGLEPROTOBUF-8055227, SNYK-JAVA-COMGOOGLEPROTOBUF-8055228 Oct 15, 2024
@valenad1 valenad1 mentioned this issue Oct 18, 2024
Merged
valenad1 added a commit that referenced this issue Oct 21, 2024
@valenad1
GH-16423 upgrade protobuf , google-cloud-storage, and fix CVE-2024-7254
eaccd47 
… (#16426)

* upgrade google-cloud-storage to newest

* upgarde protobuf and exclude the one from hadoop-common
valenad1 added a commit that referenced this issue Oct 22, 2024
@valenad1
GH-16423 - fix hadoop jars after gcs upgrade
bffcdc9
@valenad1 valenad1 mentioned this issue Oct 23, 2024
Merged
valenad1 added a commit that referenced this issue Oct 24, 2024
@valenad1
GH-16423 - fix hadoop jars after gcs upgrade [nocheck] (#16428)
3e4c39d 
* downgrade google gcs

* upgrade only protobuf
valenad1 added a commit that referenced this issue Oct 24, 2024
@valenad1
GH-16423 - do not remove hadoop-shaded-protobuf_3_7 because of the fa…
8c8a047 
…iled tests
@valenad1 valenad1 mentioned this issue Oct 24, 2024
Merged
valenad1 added a commit that referenced this issue Oct 24, 2024
@valenad1
GH-16423 - do not remove hadoop-shaded-protobuf_3_7 because of the fa…
553c323 
…iled tests
valenad1 added a commit that referenced this issue Oct 24, 2024
@valenad1
GH-16423 - do not remove hadoop-shaded-protobuf_3_7 because of the fa…
50aa9e0 
…iled tests (#16436)
This was linked to pull requests Oct 24, 2024
GH-16423 fix hadoop jars after gcs upgrade #16436
Merged
GH-16423 - fix hadoop jars after gcs upgrade [nocheck] #16428
Merged
@wendycwong wendycwong modified the milestones: 3.46.0.6, 3.46.0.7 Oct 29, 2024
@valenad1 valenad1 modified the milestones: 3.46.0.6, 3.46.0.7 Oct 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@valenad1 valenad1

Labels
Security Vulnerability
Projects
None yet
Milestone
3.46.0.7
2 participants
@wendycwong @valenad1