Posted to hdfs-issues@hadoop.apache.org by "Anurag Parvatikar (Jira)" <ji...@apache.org> on 2022/12/09 05:29:00 UTC

[jira] [Assigned] (HDFS-16860) Upgrade moment.min.js to 2.29.4

     [ https://issues.apache.org/jira/browse/HDFS-16860?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anurag Parvatikar reassigned HDFS-16860:
----------------------------------------

    Assignee: Anurag Parvatikar  (was: D M Murali Krishna Reddy)

> Upgrade moment.min.js to 2.29.4
> -------------------------------
>
>                 Key: HDFS-16860
>                 URL: https://issues.apache.org/jira/browse/HDFS-16860
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: build, ui
>    Affects Versions: 3.4.0
>            Reporter: D M Murali Krishna Reddy
>            Assignee: Anurag Parvatikar
>            Priority: Major
>              Labels: pull-request-available, transitive-cve
>
> Upgrade moment.min.js to 2.29.4 to resolve https://nvd.nist.gov/vuln/detail/CVE-2022-31129
> "Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4"
> This only appears to affect the UI, not the YARN services, so it is a self-harm DoS rather than anything important. "if you pass in big strings the ui slows down"


