[ 
https://issues.apache.org/jira/browse/SPARK-43864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

gaoyajun02 updated SPARK-43864:
-------------------------------
    Description: 
CVE-2023-26119 Detail: [https://nvd.nist.gov/vuln/detail/CVE-2023-26119]

It is recommended to replace 'net.sourceforge.htmlunit' with 'org.htmlunit' in 
Spark

```
    <dependency>
      <groupId>org.htmlunit</groupId>
      <artifactId>htmlunit</artifactId>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.htmlunit</groupId>
      <artifactId>htmlunit-core-js</artifactId>
      <scope>test</scope>
    </dependency>
```

see: [https://www.htmlunit.org/migration.html]

> Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 
> 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SPARK-43864
>                 URL: https://issues.apache.org/jira/browse/SPARK-43864
>             Project: Spark
>          Issue Type: Improvement
>          Components: Build
>    Affects Versions: 3.4.0
>            Reporter: gaoyajun02
>            Priority: Major
>
> CVE-2023-26119 Detail: [https://nvd.nist.gov/vuln/detail/CVE-2023-26119]
> It is recommended to replace 'net.sourceforge.htmlunit' with 'org.htmlunit' in 
> Spark
> ```
>     <dependency>
>       <groupId>org.htmlunit</groupId>
>       <artifactId>htmlunit</artifactId>
>       <scope>test</scope>
>     </dependency>
>     <dependency>
>       <groupId>org.htmlunit</groupId>
>       <artifactId>htmlunit-core-js</artifactId>
>       <scope>test</scope>
>     </dependency>
> ```
> see: [https://www.htmlunit.org/migration.html]
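
A build-audit check for the migration requested above, added here as an example (it is not code from the issue or from Spark): it parses a Maven POM and lists every dependency still declared under the old `net.sourceforge.htmlunit` groupId, in both `dependencyManagement` and `dependencies`. `SAMPLE_POM`, its placeholder version and the function names are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

OLD_GROUP = "net.sourceforge.htmlunit"  # groupId the issue asks to replace

# Constructed sample POM, not Spark's real pom.xml; the version is a placeholder.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><htmlunit.version>0.0.0-constructed</htmlunit.version></properties>
  <dependencyManagement><dependencies>
    <dependency>
      <groupId>net.sourceforge.htmlunit</groupId>
      <artifactId>htmlunit</artifactId>
      <version>${htmlunit.version}</version>
    </dependency>
  </dependencies></dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>net.sourceforge.htmlunit</groupId>
      <artifactId>htmlunit-core-js</artifactId>
      <scope>test</scope>
    </dependency>
    <dependency><groupId>org.htmlunit</groupId><artifactId>htmlunit</artifactId><scope>test</scope></dependency>
  </dependencies>
</project>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix, if any

def find_old_htmlunit(pom_text):
    """Return (section, artifactId, version, scope) for each old-groupId dependency."""
    root = ET.fromstring(pom_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    props = {local(p.tag): (p.text or "").strip()
             for el in root if local(el.tag) == "properties" for p in el}
    hits = []
    for dep in root.iter():
        f = {local(c.tag): (c.text or "").strip() for c in dep}
        if local(dep.tag) != "dependency" or f.get("groupId") != OLD_GROUP:
            continue
        version = f.get("version", "(managed)")  # no <version>: inherited from management
        if version.startswith("${"):  # resolve a ${property} reference
            version = props.get(version[2:-1], version)
        grand = parent_of.get(parent_of.get(dep))
        managed = grand is not None and local(grand.tag) == "dependencyManagement"
        section = "dependencyManagement" if managed else "dependencies"
        hits.append((section, f.get("artifactId"), version, f.get("scope", "compile")))
    return hits

if __name__ == "__main__":
    for hit in find_old_htmlunit(SAMPLE_POM):
        print("old htmlunit coordinates: %s %s version=%s scope=%s" % hit)
```

An empty result for every module POM means the groupId swap is complete; a `test` scope on a remaining hit means the artifact is on the test classpath only.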
