You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Eugene Shinn (Truveta) (Jira)" <ji...@apache.org> on 2022/07/11 06:00:00 UTC

[jira] [Created] (SPARK-39740) vis-timeline @ 4.2.1 vulnerable to XSS attacks

Eugene Shinn (Truveta) created SPARK-39740:
----------------------------------------------

             Summary: vis-timeline @ 4.2.1 vulnerable to XSS attacks
                 Key: SPARK-39740
                 URL: https://issues.apache.org/jira/browse/SPARK-39740
             Project: Spark
          Issue Type: Bug
          Components: Web UI
    Affects Versions: 3.3.0, 3.2.1
            Reporter: Eugene Shinn (Truveta)


Spark UI includes visjs/vis-timeline package@4.2.1, which is vulnerable to XSS attacks ([Cross-site Scripting in vis-timeline · CVE-2020-28487 · GitHub Advisory Database|https://github.com/advisories/GHSA-9mrv-456v-pf22]). This version should be replaced with the next non-vulnerable issue - [Release v7.4.4 · visjs/vis-timeline (github.com)|https://github.com/visjs/vis-timeline/releases/tag/v7.4.4] or higher.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org