[jira] [Work started] (HBASE-30005) Fix 1 high (flatted), 1 moderate (ajv) CVE in website dependencies

Jira Tue, 17 Mar 2026 06:10:16 -0700


     [ 
https://issues.apache.org/jira/browse/HBASE-30005?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Work on HBASE-30005 started by Dávid Paksy.
-------------------------------------------
> Fix 1 high (flatted), 1 moderate (ajv) CVE in website dependencies
> ------------------------------------------------------------------
>
>                 Key: HBASE-30005
>                 URL: https://issues.apache.org/jira/browse/HBASE-30005
>             Project: HBase
>          Issue Type: Task
>          Components: dependencies, security
>            Reporter: Dávid Paksy
>            Assignee: Dávid Paksy
>            Priority: Major
>
>    npm audit report
>     
>     ajv  <6.14.0
>     Severity: moderate
>     ajv has ReDoS when using `$data` option - 
> https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
>     fix available via `npm audit fix`
>     node_modules/ajv
>     
>     flatted  <3.4.0
>     Severity: high
>     flatted vulnerable to unbounded recursion DoS in parse() revive phase - 
> https://github.com/advisories/GHSA-25h7-pfq9-p65f
>     fix available via `npm audit fix`
>     node_modules/flatted
>     
>     2 vulnerabilities (1 moderate, 1 high)
>     
>     To address all issues, run:
>       npm audit fix



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work started] (HBASE-30005) Fix 1 high (flatted), 1 moderate (ajv) CVE in website dependencies

Reply via email to