You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Sundar (Jira)" <ji...@apache.org> on 2022/04/26 07:05:00 UTC
[jira] [Created] (SPARK-39020) [CVE-2020-9480] Transitive dependency "unused" from spark-sql_2.12 highlight as vulnerable in dependency tracker
Sundar created SPARK-39020:
------------------------------
Summary: [CVE-2020-9480] Transitive dependency "unused" from spark-sql_2.12 highlight as vulnerable in dependency tracker
Key: SPARK-39020
URL: https://issues.apache.org/jira/browse/SPARK-39020
Project: Spark
Issue Type: Question
Components: Spark Core
Affects Versions: 3.2.1
Reporter: Sundar
I am using spark-sql_2.12 dependency version 3.2.1 in my project. My dependency tracker highlights the transitive dependency "unused" from spark-sql_2.12 as vulnerable. I check there is no update for this artifacts since 2014. Is the artifact used anywhere in spark ?
To resolve this vulnerability, can I exclude this "unused" artifact from spark-sql_2.12 ? Will it cause any issues in my project ?
!image-2022-04-26-14-50-31-521.png!
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org