9.1
CVSS CVSS_V3
Status
Impact
The upstream project relies on a number of "shaded JARs", making it harder to update dependencies. The upstream project will need to migrate away from "alluxio-shaded-client-2.9.3.jar" for this vulnerability to be resolved.
Status
Impact
We have determined that the offending java class is included in the package via the JAR "alluxio-shaded-client-2.9.3.jar". This vulnerability only affects the Zookeeper server, which is likely not used by the package, but the exact impact is unknown.