[
https://issues.apache.org/jira/browse/FLINK-39191?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martijn Visser resolved FLINK-39191.
------------------------------------
Fix Version/s: 2.4.0
Resolution: Fixed
Fixed in apache/flink:master 913207b3afa614b63128dc7f55d7f516ef8eff6d
> Upgrade monaco-editor to 0.55.1 to get rid of DOMPurify CVEs
> ------------------------------------------------------------
>
> Key: FLINK-39191
> URL: https://issues.apache.org/jira/browse/FLINK-39191
> Project: Flink
> Issue Type: Bug
> Reporter: Yaroslav
> Assignee: Gyula Komlossi
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.4.0
>
>
> Currently Flink uses monaco-editor of version 0.31.1, which seems to depend
> on DOMPurify of version 2.3.1, which is vulnerable by CVE-2024-48910,
> CVE-2024-45801, CVE-2024-47875 and CVE-2025-26791.
> The latest monaco-editor release, 0.55.1, uses DOMPurify of version 3.2.7,
> which is not vulnerable by any of those CVEs.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)