
This issue was moved to a discussion.


BIRT runtime uses Apache Cassandra library which, as reported by NIST and NVD, has a critical security vulnerability #1037

Closed
ivkina opened this issue Aug 25, 2022 · 1 comment

Comments

@ivkina

ivkina commented Aug 25, 2022

Our security code and 3rd-party product review team reported that one of the core BIRT ReportEngine runtime jars, e.g.:
org.eclipse.birt.runtime_4.10.0-20220721.jar or the previous build version org.eclipse.birt.runtime_4.9.0-20220315.jar, both use the Apache Cassandra library - org.apache.cassandra:cassandra-thrift:1.1.0.

This library has a critical (score 9.1) security vulnerability reported by NIST. For more details, please see here: https://nvd.nist.gov/vuln/detail/CVE-2021-44521.

Thanks,
Aleksey
Deltek

@wimjongman
Contributor

The BIRT ReportEngine Runtime is not a web application. It is a local report renderer and, therefore, not subject to the effects described in your CVE.

Please correct me if I am wrong.

@eclipse-birt eclipse-birt locked and limited conversation to collaborators Sep 27, 2022
@wimjongman wimjongman converted this issue into discussion #1064 Sep 27, 2022
