Andrew Kyle Purtell created HDFS-16796:
------------------------------------------
Summary: HDFS UIs embed problematic javascript components
Key: HDFS-16796
URL: https://issues.apache.org/jira/browse/HDFS-16796
Project: Hadoop HDFS
Issue Type: Bug
Affects Versions: 3.3.4
Reporter: Andrew Kyle Purtell
All Bootstrap versions 3.x have an issue covered by CVE-2018-14041, a cross
site scripting problem, fixed in Bootstrap versions 4.1.3 and later. This
requires a migration where Bootstrap 3.x is in use to Bootstrap 4.1.3+.
The component x-editable, an editor widget for Bootstrap, has a cross-site
scripting problem for which no fixed version exists. Requires use of an
alternative component or addition of a mitigating control.
Datatables versions less than 1.10.23 have problems like CVE-2020-28458.
Similar to YARN-11331.
Rather than collect these findings piecemeal, it is suggested this issue can be
used as an umbrella.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
