[
https://issues.apache.org/jira/browse/HDFS-17610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Palakur Eshwitha Sai updated HDFS-17610:
----------------------------------------
Description:
The current versions of bootstrap has multiple medium severity CVEs reported
till date and needs to be updated to the latest versions with no reported CVEs.
[CVE-2024-6484|https://nvd.nist.gov/vuln/detail/CVE-2024-6484]
[CVE-2024-6531|https://nvd.nist.gov/vuln/detail/CVE-2024-6531]
[CVE-2024-6485|https://nvd.nist.gov/vuln/detail/CVE-2024-6485]
For [CVE-2024-6484|https://nvd.nist.gov/vuln/detail/CVE-2024-6484], our tool
states that:
This vulnerability affects all 4.x and 5.x versions and not only those leading
up to and including {{{}3.4.1{}}}.
For [CVE-2024-6531|https://nvd.nist.gov/vuln/detail/CVE-2024-6531], our tool
states that:
This vulnerability was introduced in version {{{}2.0.0{}}}, not {{4.0.0}} as
the advisory states. Additionally, this vulnerability affects all 5.x versions
and not only the versions leading up to and including {{{}4.6.2{}}}.
Therefore, alternative upgrade path needs to be found for the same as there is
no non-vulnerable upgrade version for this component/package at the moment.
was:
The current versions of bootstrap has multiple medium severity CVEs reported
till date and needs to be updated to the latest versions with no reported CVEs.
[CVE-2024-6484|https://nvd.nist.gov/vuln/detail/CVE-2024-6484]
[CVE-2024-6531|https://nvd.nist.gov/vuln/detail/CVE-2024-6531]
[CVE-2024-6485|https://nvd.nist.gov/vuln/detail/CVE-2024-6485]
For [CVE-2024-6484|https://nvd.nist.gov/vuln/detail/CVE-2024-6484], our tool
states that:
This vulnerability affects all 4.x and 5.x versions and not only those leading
up to and including {{{}3.4.1{}}}.
For [CVE-2024-6531|https://nvd.nist.gov/vuln/detail/CVE-2024-6531], our tool
states that:
This vulnerability was introduced in version {{{}2.0.0{}}}, not {{4.0.0}} as
the advisory states. Additionally, this vulnerability affects all 5.x versions
and not only the versions leading up to and including {{{}4.6.2{}}}.
Therefore, alternative upgrade path needs to be found for the same as there is
no non-vulnerable upgrade path for this component/package at the moment.
> Upgrade Bootstrap version used in HDFS UI to fix CVE
> ----------------------------------------------------
>
> Key: HDFS-17610
> URL: https://issues.apache.org/jira/browse/HDFS-17610
> Project: Hadoop HDFS
> Issue Type: Improvement
> Reporter: Palakur Eshwitha Sai
> Priority: Major
>
> The current versions of bootstrap has multiple medium severity CVEs reported
> till date and needs to be updated to the latest versions with no reported
> CVEs.
> [CVE-2024-6484|https://nvd.nist.gov/vuln/detail/CVE-2024-6484]
> [CVE-2024-6531|https://nvd.nist.gov/vuln/detail/CVE-2024-6531]
> [CVE-2024-6485|https://nvd.nist.gov/vuln/detail/CVE-2024-6485]
> For [CVE-2024-6484|https://nvd.nist.gov/vuln/detail/CVE-2024-6484], our tool
> states that:
> This vulnerability affects all 4.x and 5.x versions and not only those
> leading up to and including {{{}3.4.1{}}}.
> For [CVE-2024-6531|https://nvd.nist.gov/vuln/detail/CVE-2024-6531], our tool
> states that:
> This vulnerability was introduced in version {{{}2.0.0{}}}, not {{4.0.0}} as
> the advisory states. Additionally, this vulnerability affects all 5.x
> versions and not only the versions leading up to and including {{{}4.6.2{}}}.
> Therefore, alternative upgrade path needs to be found for the same as there
> is no non-vulnerable upgrade version for this component/package at the moment.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
