Summary
The majority of Datahub images v0.9.6.1 has Maven based Critical & High vulnerabilities coming from log4j jar packages .
Jar :
Log4j 1.2.17
Details
The datahub-kafka-setup ,datahub-ingestion images are having these Critical CVEs coming from this path:
/opt/kafka/libs/log4j-1.2.17.jar
CVE-2019-17571
CVE-2022-23305
CVE-2022-23302
CVE-2021-4104
CVE-2022-23307
PoC
These CVEs are produced using the Aquasec scanner and these CVEs have fixed version available .
Impact
Resolution
Upgraded to latest version of upstream images as of DataHub v0.10.1
BrijeshBurfal Reporter
Summary
The majority of Datahub images v0.9.6.1 has Maven based Critical & High vulnerabilities coming from log4j jar packages .
Jar :
Log4j 1.2.17
Details
The datahub-kafka-setup ,datahub-ingestion images are having these Critical CVEs coming from this path:
/opt/kafka/libs/log4j-1.2.17.jar
CVE-2019-17571
CVE-2022-23305
CVE-2022-23302
CVE-2021-4104
CVE-2022-23307
PoC
These CVEs are produced using the Aquasec scanner and these CVEs have fixed version available .
Impact
Resolution
Upgraded to latest version of upstream images as of DataHub v0.10.1