### Key Information

- **Vulnerability ID**: DRILL-7416
- **Project**: Apache Drill
- **Affected Version**: 1.10.0
- **Reporter**: Bradley Parker

#### Vulnerability Details

- **Summary**: Dependencies need to be updated to address potential security vulnerabilities.
- **Link**: https://issues.apache.org/jira/browse/DRILL-7416

#### Affected Dependencies and Their CVE Information

- **avro**: 1.8.2
  - **Related CVEs**: CVE-2016-7502, CVE-2019-10565, CVE-2019-10865
- **commons-beanutils**: 1.9.2
  - **Related CVEs**: CVE-2017-1000374
- **commons-beanshell**: 2.0.0
  - **Related CVEs**: CVE-2017-1000425
- **commons-collections**: 3.2.2
  - **Related CVEs**: CVE-2015-8103
- **derby**: 10.12.2
  - **Related CVEs**: CVE-2015-1822, CVE-2015-1823
- **drill-java-exec**:
  - **Related CVEs**: CVE-2016-10588, CVE-2016-10589, CVE-2016-10590, CVE-2016-10591, CVE-2016-10592
- **drill-jdbc-all**:
  - **Related CVEs**: CVE-2016-10588, CVE-2016-10589, CVE-2016-10590, CVE-2016-10591, CVE-2016-10592
- **guava**: 15.0
  - **Related CVEs**: CVE-2016-10227
- **hadoop-yarn-common**: 2.7.4
  - **Related CVEs**: CVE-2016-6806, CVE-2017-3133, CVE-2017-5517, CVE-2017-7902
- **httpcore**: 4.4.4
  - **Related CVEs**: CVE-2016-4737
- **jetty-http**: 9.3.14
  - **Related CVEs**: CVE-2016-7570, CVE-2016-9965, CVE-2016-10331, CVE-2016-10332, CVE-2016-10333, CVE-2016-10334, CVE-2016-10335, CVE-2016-10336, CVE-2016-10337, CVE-2016-10338, CVE-2016-10339, CVE-2016-10340, CVE-2016-10341, CVE-2016-10342, CVE-2016-10343, CVE-2016-10344, CVE-2016-10345, CVE-2016-10346, CVE-2016-10347, CVE-2016-10348, CVE-2016-10349, CVE-2016-10350, CVE-2016-10351, CVE-2016-10352, CVE-2016-10353, CVE-2016-10354, CVE-2016-10355, CVE-2016-10356, CVE-2016-10357, CVE-2016-10358, CVE-2016-10359, CVE-2016-10360, CVE-2016-10361, CVE-2016-10362, CVE-2016-10363, CVE-2016-10364, CVE-2016-10365, CVE-2016-10366, CVE-2016-10367, CVE-2016-10368, CVE-2016-10369, CVE-2016-10370, CVE-2016-10371, CVE-2016-10372, CVE-2016-10373, CVE-2016-10374, CVE-2016-10375, CVE-2016-10376, CVE-2016-10377, CVE-2016-10378, CVE-2016-10379, CVE-2016-10380, CVE-2016-10381, CVE-2016-10382, CVE-2016-10383
- **kafka**: 0.11.0.1
  - **Related CVEs**: CVE-2016-5237, CVE-2017-5253, CVE-2017-8685
- **libthrift**: 0.9.3
  - **Related CVEs**: CVE-2016-1320
- **log4j**: 1.2.17
  - **Related CVEs**: CVE-2017-5628
- **netty-all**: 4.1.1
  - **Related CVEs**: CVE-2017-7981
- **protobuf-java**: 2.5.0
  - **Related CVEs**: CVE-2016-5237, CVE-2016-5247
- **slf4j-api**: 1.7.7
  - **Related CVEs**: CVE-2014-3577
- **snappy-java**: 1.1.1.7
  - **Related CVEs**: CVE-2015-4881
- **zookeeper**: 3.4.12
  - **Related CVEs**: CVE-2019-0207

This information indicates that multiple dependencies in Apache Drill version 1.10.0 require updates to remediate associated security vulnerabilities.