Posted to hdfs-issues@hadoop.apache.org by "Anurag Parvatikar (Jira)" <ji...@apache.org> on 2022/12/09 05:29:00 UTC
[jira] [Assigned] (HDFS-16860) Upgrade moment.min.js to 2.29.4
[ https://issues.apache.org/jira/browse/HDFS-16860?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anurag Parvatikar reassigned HDFS-16860:
----------------------------------------
Assignee: Anurag Parvatikar (was: D M Murali Krishna Reddy)
> Upgrade moment.min.js to 2.29.4
> -------------------------------
>
> Key: HDFS-16860
> URL: https://issues.apache.org/jira/browse/HDFS-16860
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: build, ui
> Affects Versions: 3.4.0
> Reporter: D M Murali Krishna Reddy
> Assignee: Anurag Parvatikar
> Priority: Major
> Labels: pull-request-available, transitive-cve
>
> Upgrade moment.min.js to 2.29.4 to resolve https://nvd.nist.gov/vuln/detail/CVE-2022-31129
> "Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4"
> This only appears to affect the UI, not the yarn services, so it is a self-harm DoS rather than anything important. "if you pass in big strings the ui slows down"