You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Sundar (Jira)" <ji...@apache.org> on 2022/04/26 07:06:00 UTC
[jira] [Updated] (SPARK-39020) [CVE-2020-9480] Transitive dependency "unused" from spark-sql_2.12 highlight as vulnerable in dependency tracker
[ https://issues.apache.org/jira/browse/SPARK-39020?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sundar updated SPARK-39020:
---------------------------
Description:
I am using spark-sql_2.12 dependency version 3.2.1 in my project. My dependency tracker highlights the transitive dependency "unused" from spark-sql_2.12 as vulnerable. I check there is no update for this artifacts since 2014. Is the artifact used anywhere in spark ?
To resolve this vulnerability, can I exclude this "unused" artifact from spark-sql_2.12 ? Will it cause any issues in my project ?
was:
I am using spark-sql_2.12 dependency version 3.2.1 in my project. My dependency tracker highlights the transitive dependency "unused" from spark-sql_2.12 as vulnerable. I check there is no update for this artifacts since 2014. Is the artifact used anywhere in spark ?
To resolve this vulnerability, can I exclude this "unused" artifact from spark-sql_2.12 ? Will it cause any issues in my project ?
!image-2022-04-26-14-50-31-521.png!
> [CVE-2020-9480] Transitive dependency "unused" from spark-sql_2.12 highlight as vulnerable in dependency tracker
> -------------------------------------------------------------------------------------------------------------------
>
> Key: SPARK-39020
> URL: https://issues.apache.org/jira/browse/SPARK-39020
> Project: Spark
> Issue Type: Question
> Components: Spark Core
> Affects Versions: 3.2.1
> Reporter: Sundar
> Priority: Minor
> Attachments: Dependency-Track.png
>
>
> I am using spark-sql_2.12 dependency version 3.2.1 in my project. My dependency tracker highlights the transitive dependency "unused" from spark-sql_2.12 as vulnerable. I check there is no update for this artifacts since 2014. Is the artifact used anywhere in spark ?
> To resolve this vulnerability, can I exclude this "unused" artifact from spark-sql_2.12 ? Will it cause any issues in my project ?
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org