You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@spark.apache.org by Sundar Sabapathi Meenakshi <su...@mcruncher.com> on 2022/04/29 02:51:03 UTC

Reg: CVE-2020-9480

Hi all,

          I am using spark-sql_2.12 dependency version 3.2.1 in my project.
My dependency tracker highlights  the transitive dependency  "unused"
from  spark-sql_2.12 as vulnerable. I check there is no update for these
artifacts since 2014. Is the artifact used anywhere in spark ?

To resolve this vulnerability,  can I exclude this "unused" artifact from
spark-sql_2.12 ?  Will it cause any issues in my project ?

Re: Reg: CVE-2020-9480

Posted by Sean Owen <sr...@gmail.com>.

It is not a real dependency, so should not be any issue. I am not sure why
your tool flags it at all.

On Thu, Apr 28, 2022 at 10:04 PM Sundar Sabapathi Meenakshi <
sundar@mcruncher.com> wrote:

> Hi all,
>
>           I am using spark-sql_2.12 dependency version 3.2.1 in my
> project. My dependency tracker highlights  the transitive dependency
> "unused"  from  spark-sql_2.12 as vulnerable. I check there is no update
> for these artifacts since 2014. Is the artifact used anywhere in spark ?
>
> To resolve this vulnerability,  can I exclude this "unused" artifact from
> spark-sql_2.12 ?  Will it cause any issues in my project ?
>
>
> ---------------------------------------------------------------------
> To unsubscribe e-mail: user-unsubscribe@spark.apache.org