exasol / azure-blob-storage-document-files-virtual-schema
Virtual Schema for document files on Azure Blob Storage.
License: MIT License
Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
CVE: CVE-2024-29133
CWE: CWE-787
Uploading of the regression test result has changed. We need to adapt to the new process.
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0.
Users are recommended to upgrade to version 1.26.0 which fixes the issue.
CVE: CVE-2024-25710
CWE: CWE-835
Error: Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (default-cli) on project azure-blob-storage-document-files-virtual-schema: Detected 4 vulnerable components:
Error: org.apache.commons:commons-compress:jar:1.22:compile; https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: * [CVE-2023-42503] CWE-20: Improper Input Validation (5.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-42503?component-type=maven&component-name=org.apache.commons%2Fcommons-compress&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: io.netty:netty-handler:jar:4.1.94.Final:compile; https://ossindex.sonatype.org/component/pkg:maven/io.netty/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: * [CVE-2023-4586] CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle') (6.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-4586?component-type=maven&component-name=io.netty%2Fnetty-handler&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: org.xerial.snappy:snappy-java:jar:1.1.10.1:compile; https://ossindex.sonatype.org/component/pkg:maven/org.xerial.snappy/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: * [CVE-2023-43642] CWE-770: Allocation of Resources Without Limits or Throttling (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-43642?component-type=maven&component-name=org.xerial.snappy%2Fsnappy-java&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: org.eclipse.jgit:org.eclipse.jgit:jar:6.3.0.202209071007-r:test; https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jgit/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: * [CVE-2023-4759] CWE-178: Improper Handling of Case Sensitivity (8.8); https://ossindex.sonatype.org/vulnerability/CVE-2023-4759?component-type=maven&component-name=org.eclipse.jgit%2Forg.eclipse.jgit&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
│ Error: Your query returned no results. Please change your search criteria and try again.
│
│ with module.exasol_setup.module.exasol.data.aws_ami.exasol,
│ on .terraform/modules/exasol_setup.exasol/main.tf line 1, in data "aws_ami" "exasol":
│ 1: data "aws_ami" "exasol" {
IntegrationTestSetup.java sets constant values for DEBUG_ADDRESS and LOG_LEVEL.
if (System.getProperty("test.vs-logs", "false").equals("true")) {
properties.put("DEBUG_ADDRESS", "127.0.0.1:3001");
Please consider removing these lines and proposing use of the system properties supported by exasol/test-db-builder-java#103 in the documentation (either user_guide or developer_guide).
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
CVE: CVE-2024-25638
CWE: CWE-345
Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
CVE: CVE-2024-29131
CWE: CWE-787
See log messages from build job Dependency Check
Excluded vulnerabilities:
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue.
CVE: CVE-2024-36114
CWE: CWE-125
First version of azure blob storage virtual schema.
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacker can send a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
CVE: CVE-2024-29025
CWE: CWE-770
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
CVE: CVE-2023-52428
CWE: CWE-400
With version 9.0.0 it's part of virtual-schema-common-document
Error: Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (default-cli) on project azure-blob-storage-document-files-virtual-schema: Detected 1 vulnerable components:
Error: org.apache.avro:avro:jar:1.7.7:compile; https://ossindex.sonatype.org/component/pkg:maven/org.apache.avro/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: * [CVE-2023-39410] CWE-502: Deserialization of Untrusted Data (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-39410?component-type=maven&component-name=org.apache.avro%2Favro&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (default-cli) on project azure-blob-storage-document-files-virtual-schema: Detected 1 vulnerable components:
Error: io.projectreactor.netty:reactor-netty-http:jar:1.0.34:compile; https://ossindex.sonatype.org/component/pkg:maven/io.projectreactor.netty/[email protected]?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: * [CVE-2023-34062] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-34062?component-type=maven&component-name=io.projectreactor.netty%2Freactor-netty-http&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
IntegrationTestSetup.getHostOverride() currently returns Optional<String> and contains some logic to extract hostname and port from a string.
Proposal
Optional in AbsTestSetup.getHostOverride() and IntegrationTestSetup.getHostOverride().
AbsTestSetup.makeTcpServiceAccessibleFromDatabase(LocalServiceExposer exposer)
Upgrade to https://github.com/exasol/virtual-schema-common-document-files/releases/tag/8.1.0 (exasol/virtual-schema-common-document-files#163) to add support for configuring column name conversion for automatic mapping inference.
We introduce nanosecond precision in virtual-schema-common-document.
This needs to be propagated to Azure Blob Storage Document Files Virtual Schema by updating the dependency.
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26.
Users are recommended to upgrade to version 1.26, which fixes the issue.
CVE: CVE-2024-26308
CWE: CWE-770
Auto inference for CSV files was implemented in exasol/virtual-schema-common-document-files#131 and exasol/virtual-schema-common-document-files#130 / virtual-schema-common-document-files 7.3.0.
In exasol/virtual-schema-common-document-files#135 we updated performance regression tests to use CSV data types. Now we need to upgrade https://github.com/exasol/virtual-schema-common-document-files to version 7.1.3.