You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Eugene Shinn (Truveta) (Jira)" <ji...@apache.org> on 2022/11/04 17:03:00 UTC
[jira] [Commented] (SPARK-39740) vis-timeline @ 4.2.1 vulnerable to XSS attacks
[ https://issues.apache.org/jira/browse/SPARK-39740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17629113#comment-17629113 ]
Eugene Shinn (Truveta) commented on SPARK-39740:
------------------------------------------------
Any updates here?
> vis-timeline @ 4.2.1 vulnerable to XSS attacks
> ----------------------------------------------
>
> Key: SPARK-39740
> URL: https://issues.apache.org/jira/browse/SPARK-39740
> Project: Spark
> Issue Type: Bug
> Components: Web UI
> Affects Versions: 3.2.1, 3.3.0
> Reporter: Eugene Shinn (Truveta)
> Priority: Major
>
> Spark UI includes visjs/vis-timeline package@4.2.1, which is vulnerable to XSS attacks ([Cross-site Scripting in vis-timeline · CVE-2020-28487 · GitHub Advisory Database|https://github.com/advisories/GHSA-9mrv-456v-pf22]). This version should be replaced with the next non-vulnerable issue - [Release v7.4.4 · visjs/vis-timeline (github.com)|https://github.com/visjs/vis-timeline/releases/tag/v7.4.4] or higher.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org