[ https://issues.apache.org/jira/browse/ATLAS-4938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17930557#comment-17930557 ]
didada edited comment on ATLAS-4938 at 2/26/25 7:49 AM:
--------------------------------------------------------

[~Farhan Khan], [~brijesh.bhalala] hello

Now I meet CVE-2024-46910.
[https://lists.apache.org/thread/sqzp34l4cdk21zoq5g31qlsvr7jvb1fy]

I found a commit here that may have some relation to the CVE.
DOMPurify version 3.2.4 solved CVE-2025-26791, which is also about XSS. Refer to [https://nvd.nist.gov/vuln/detail/CVE-2025-26791]

In my company, I cannot upgrade Atlas to 2.4.0 directly.
Can I merge this patch to solve CVE-2024-46910?

was (Author: JIRAUSER308841):

[~Farhan Khan] hello

Now I meet CVE-2024-46910.
[https://lists.apache.org/thread/sqzp34l4cdk21zoq5g31qlsvr7jvb1fy]

I found a commit here that may have some relation to the CVE.
DOMPurify version 3.2.4 solved CVE-2025-26791, which is also about XSS. Refer to [https://nvd.nist.gov/vuln/detail/CVE-2025-26791]

In my company, I cannot upgrade Atlas to 2.4.0 directly.
Can I merge this patch to solve CVE-2024-46910?

> Atlas: Upgrade DOMPurify to latest version.
> -------------------------------------------
>
> Key: ATLAS-4938
> URL: https://issues.apache.org/jira/browse/ATLAS-4938
> Project: Atlas
> Issue Type: Task
> Components: atlas-core
> Reporter: Brijesh Bhalala
> Assignee: Farhan Khan
> Priority: Major
> Attachments: 0001-ATLAS-4938-UI-Upgrade-DOMPurify-to-latest-version.patch
>
>
> Update the DOMPurify library to latest version.