You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@spark.apache.org by Sundar Sabapathi Meenakshi <su...@mcruncher.com> on 2022/04/29 02:51:03 UTC
Reg: CVE-2020-9480
Hi all,
I am using spark-sql_2.12 dependency version 3.2.1 in my project.
My dependency tracker highlights the transitive dependency "unused"
from spark-sql_2.12 as vulnerable. I check there is no update for these
artifacts since 2014. Is the artifact used anywhere in spark ?
To resolve this vulnerability, can I exclude this "unused" artifact from
spark-sql_2.12 ? Will it cause any issues in my project ?
Re: Reg: CVE-2020-9480
Posted by Sean Owen <sr...@gmail.com>.
It is not a real dependency, so should not be any issue. I am not sure why
your tool flags it at all.
On Thu, Apr 28, 2022 at 10:04 PM Sundar Sabapathi Meenakshi <
sundar@mcruncher.com> wrote:
> Hi all,
>
> I am using spark-sql_2.12 dependency version 3.2.1 in my
> project. My dependency tracker highlights the transitive dependency
> "unused" from spark-sql_2.12 as vulnerable. I check there is no update
> for these artifacts since 2014. Is the artifact used anywhere in spark ?
>
> To resolve this vulnerability, can I exclude this "unused" artifact from
> spark-sql_2.12 ? Will it cause any issues in my project ?
>
>
> ---------------------------------------------------------------------
> To unsubscribe e-mail: user-unsubscribe@spark.apache.org