You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Eugene Shinn (Truveta) (Jira)" <ji...@apache.org> on 2022/11/04 17:03:00 UTC

[jira] [Commented] (SPARK-39740) vis-timeline @ 4.2.1 vulnerable to XSS attacks

    [ https://issues.apache.org/jira/browse/SPARK-39740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17629113#comment-17629113 ] 

Eugene Shinn (Truveta) commented on SPARK-39740:
------------------------------------------------

Any updates here?

> vis-timeline @ 4.2.1 vulnerable to XSS attacks
> ----------------------------------------------
>
>                 Key: SPARK-39740
>                 URL: https://issues.apache.org/jira/browse/SPARK-39740
>             Project: Spark
>          Issue Type: Bug
>          Components: Web UI
>    Affects Versions: 3.2.1, 3.3.0
>            Reporter: Eugene Shinn (Truveta)
>            Priority: Major
>
> Spark UI includes visjs/vis-timeline package@4.2.1, which is vulnerable to XSS attacks ([Cross-site Scripting in vis-timeline · CVE-2020-28487 · GitHub Advisory Database|https://github.com/advisories/GHSA-9mrv-456v-pf22]). This version should be replaced with the next non-vulnerable issue - [Release v7.4.4 · visjs/vis-timeline (github.com)|https://github.com/visjs/vis-timeline/releases/tag/v7.4.4] or higher.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org