[
https://issues.apache.org/jira/browse/HDFS-16860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17644460#comment-17644460
]
ASF GitHub Bot commented on HDFS-16860:
---------------------------------------
theradtad opened a new pull request, #5194:
URL: https://github.com/apache/hadoop/pull/5194
<!--
Thanks for sending a pull request!
1. If this is your first time, please read our contributor guidelines:
https://cwiki.apache.org/confluence/display/HADOOP/How+To+Contribute
2. Make sure your PR title starts with JIRA issue id, e.g.,
'HADOOP-17799. Your PR title ...'.
-->
### Description of PR
Upgrade moment.min.js to 2.29.4 to resolve
https://nvd.nist.gov/vuln/detail/CVE-2022-31129
Namenode and DataNode UI
> Upgrade moment.min.js to 2.29.4
> -------------------------------
>
> Key: HDFS-16860
> URL: https://issues.apache.org/jira/browse/HDFS-16860
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: build, ui
> Affects Versions: 3.4.0
> Reporter: D M Murali Krishna Reddy
> Assignee: D M Murali Krishna Reddy
> Priority: Major
> Labels: transitive-cve
>
> Upgrade moment.min.js to 2.29.4 to resolve
> https://nvd.nist.gov/vuln/detail/CVE-2022-31129
> "Users may notice a noticeable slowdown is observed with inputs above 10k
> characters. Users who pass user-provided strings without sanity length checks
> to moment constructor are vulnerable to (Re)DoS attacks. The problem is
> patched in 2.29.4"
> this only appears to affect the UI, not the yarn services, so it is a
> self-harm DoS rather than anything important. "if you pass in big strings the
> ui slows down"
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
