[ https://issues.apache.org/jira/browse/YUNIKORN-3181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18043434#comment-18043434 ]
Wilfred Spiegelenburg commented on YUNIKORN-3181:
-------------------------------------------------
Note: the angular-cli high CVE is an indirect dependency and we do not serve
via a JS-based server in production setups. It has also not been marked as an
issue in the Angular releases. Requires code changes in the Angular code to
allow upgrade to 1.23 for the dependency. Closing the alert as not relevant for
us:
[Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default|https://github.com/apache/yunikorn-web/security/dependabot/137]
> dependabot marked high CVE in yunikorn-web
> ------------------------------------------
>
> Key: YUNIKORN-3181
> URL: https://issues.apache.org/jira/browse/YUNIKORN-3181
> Project: Apache YuniKorn
> Issue Type: Task
> Components: webapp
> Reporter: Wilfred Spiegelenburg
> Assignee: Wilfred Spiegelenburg
> Priority: Major
>
> Upgrade the angular compiler to fix this high CVE:
> [Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes|https://github.com/apache/yunikorn-web/security/dependabot/136]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)