7.5
CVSS V3
Status
Fixed version
439-r0Status
Impact
The upstream project relies on a number of "shaded JARs", making it harder to update dependencies. The upstream project will need to migrate away from "rubix-presto-shaded-0.3.18.jar" for this vulnerability to be resolved. This will likely involve a migration to a different package, since com.qubole.rubix.rubix-presto-shaded was last updated on 2020-11-24.
Status
Impact
The offending code is included in this package via the JAR "rubix-presto-shaded-0.3.18.jar"