snowflake-jdbc

SNOW-526378: CVE-2021-33813 Vulnerability issue for tika 1.22 since snowflake-jdbc 3.9.0

Open xiaochenw-vmware opened this issue 3 years ago • 1 comments

Currently snowflake-jdbc (we are using 3.13.3) has a dependency on Tika 1.22, which was reported in our product as facing the CVE-2021-33813 vulnerability issue. Any solution for this?

CVE-2021-33813 NVD: 2021/06/16 - CVSS v2 Base Score: 5.0 - CVSS v3.1 Base Score: 7.5

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

snowflake-jdbc version: 3.13.3

xiaochenw-vmware Jan 12 '22 04:01

Hey @xiaochenw-vmware. We're looking at this and will get back to you shortly. Thank you for your patience!

sfc-gh-hchaturvedi Jan 20 '22 19:01

Latest driver has 2.4.1 version of tika lib.

sfc-gh-igarish Mar 15 '23 23:03