
databricks-jdbc-2.7.1 has vulnerability CVE-2022-23305

Open Shubachi opened this issue 9 months ago • 0 comments

This might not be the right place for this issue but I do not have access to https://github.com/databricks/databricks-jdbc. In DatabricksJDBC42-2.7.1.1004/META-INF/maven/commons-logging/pom.xml

We appear to be using commons-logging 1.2 https://mvnrepository.com/artifact/commons-logging/commons-logging/1.2

    <dependency>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
      <version>1.2.17</version>
      <optional>true</optional>
    </dependency>

Which shows us using the vulnerable version of log4j.

Shubachi, Feb 18 '25 20:02
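
Added example, not part of the original issue or of any Databricks code: a Python check that separates what an embedded `pom.xml` declares from which classes a JAR actually ships, since a Maven dependency marked `<optional>` is declared but not necessarily bundled. The function names and the sample JAR are constructed for illustration; the class looked for is log4j 1.2.x's `JDBCAppender`, the component CVE-2022-23305 concerns.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Class that CVE-2022-23305 concerns (log4j 1.2.x JDBCAppender).
JDBC_APPENDER = "org/apache/log4j/jdbc/JDBCAppender.class"


def _local(tag):
    """Strip an XML namespace so poms with and without xmlns parse alike."""
    return tag.rsplit("}", 1)[-1]


def declared_dependencies(jar):
    """Yield (pom_path, groupId, artifactId, version, optional) from embedded poms."""
    for name in jar.namelist():
        if not (name.startswith("META-INF/maven/") and name.endswith("pom.xml")):
            continue
        for el in ET.fromstring(jar.read(name)).iter():
            if _local(el.tag) != "dependency":
                continue
            f = {_local(c.tag): (c.text or "").strip() for c in el}
            yield (name, f.get("groupId"), f.get("artifactId"),
                   f.get("version"), f.get("optional") == "true")


def audit(jar_file):
    """Report log4j 1.x declarations and whether the classes are really bundled."""
    with zipfile.ZipFile(jar_file) as jar:
        names = jar.namelist()
        return {
            "declared": [d for d in declared_dependencies(jar)
                         if d[1] == "log4j" and d[2] == "log4j"],
            # Substring/suffix match also catches shaded (relocated) copies.
            "log4j_classes_bundled": any("org/apache/log4j/" in n for n in names),
            "jdbc_appender_bundled": any(n.endswith(JDBC_APPENDER) for n in names),
        }


def sample_jar(extra=()):
    """Constructed sample: a JAR holding the pom fragment quoted in the issue."""
    pom = ("<project><dependencies><dependency><groupId>log4j</groupId>"
           "<artifactId>log4j</artifactId><version>1.2.17</version>"
           "<optional>true</optional></dependency></dependencies></project>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/maven/commons-logging/pom.xml", pom)
        for path in extra:  # optional extra entries, empty placeholder files
            z.writestr(path, b"")
    buf.seek(0)
    return buf
```

Calling `audit()` with the path to a real driver JAR returns the same three fields; a declaration with `jdbc_appender_bundled` false means the class is not inside that archive, though it could still arrive from elsewhere on the classpath.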