Alexander Bouriakov created SPARK-39793:
-------------------------------------------
Summary: How to treat/eliminate CVE-2021-4048 (reported for
arpack_combined_all-0.1.jar)
Key: SPARK-39793
URL: https://issues.apache.org/jira/browse/SPARK-39793
Project: Spark
Issue Type: Question
Components: MLlib
Affects Versions: 3.3.0
Reporter: Alexander Bouriakov
The following CVE is reported for arpack_combined_all-0.1.jar which is used inĀ
org.apache.spark:spark-graphx_2.13 which in turn is used in mllib :
[https://nvd.nist.gov/vuln/detail/CVE-2021-4048]
Questions: how relevant is this issue, can it be safely ignored?
It seems that arpack_combined_all-0.1.jar is really needed because when
removing it from the CLASSPATH, a NoClassDefFoundError: org/netlib/blas/Sdot is
reported.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
