[ https://issues.apache.org/jira/browse/SPARK-43864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
gaoyajun02 updated SPARK-43864:
-------------------------------
Description:
CVE-2023-26119 Detail: [https://nvd.nist.gov/vuln/detail/CVE-2023-26119]
It is recommended to replace 'net.sourceforge.htmlunit' with 'org.htmlunit' in
Spark
{code:java}
<dependency>
  <groupId>org.htmlunit</groupId>
  <artifactId>htmlunit</artifactId>
  <scope>test</scope>
</dependency>
<dependency>
  <groupId>org.htmlunit</groupId>
  <artifactId>htmlunit-core-js</artifactId>
  <scope>test</scope>
</dependency>
{code}
see: [https://www.htmlunit.org/migration.html]
was:
CVE-2023-26119 Detail: [https://nvd.nist.gov/vuln/detail/CVE-2023-26119]
It is recommended to replace 'net.sourceforge.htmlunit' with 'org.htmlunit' in
Spark
```
<dependency>
  <groupId>org.htmlunit</groupId>
  <artifactId>htmlunit</artifactId>
  <scope>test</scope>
</dependency>
<dependency>
  <groupId>org.htmlunit</groupId>
  <artifactId>htmlunit-core-js</artifactId>
  <scope>test</scope>
</dependency>
```
see: [https://www.htmlunit.org/migration.html]
> Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before
> 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL
> ----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: SPARK-43864
> URL: https://issues.apache.org/jira/browse/SPARK-43864
> Project: Spark
> Issue Type: Improvement
> Components: Build
> Affects Versions: 3.4.0
> Reporter: gaoyajun02
> Priority: Major
>
> CVE-2023-26119 Detail: [https://nvd.nist.gov/vuln/detail/CVE-2023-26119]
> It is recommended to replace 'net.sourceforge.htmlunit' with 'org.htmlunit' in
> Spark
> {code:java}
> <dependency>
>   <groupId>org.htmlunit</groupId>
>   <artifactId>htmlunit</artifactId>
>   <scope>test</scope>
> </dependency>
> <dependency>
>   <groupId>org.htmlunit</groupId>
>   <artifactId>htmlunit-core-js</artifactId>
>   <scope>test</scope>
> </dependency>
> {code}
> see: [https://www.htmlunit.org/migration.html]