Wilfred Spiegelenburg created YUNIKORN-3207:
-----------------------------------------------
Summary: Update dependencies for CVE fixes
Key: YUNIKORN-3207
URL: https://issues.apache.org/jira/browse/YUNIKORN-3207
Project: Apache YuniKorn
Issue Type: Improvement
Components: security, webapp
Reporter: Wilfred Spiegelenburg
Another set of CVE upgrades that cannot be applied by dependabot:
* CVE-2025-13465: Lodash has Prototype Pollution Vulnerability in `_.unset`
and `_.omit` functions (Moderate)
* CVE-2026-23950: Race Condition in node-tar Path Reservations via Unicode
Ligature Collisions on macOS APFS (High)
* CVE-2026-23745: node-tar is Vulnerable to Arbitrary File Overwrite and
Symlink Poisoning via Insufficient Path Sanitization (High)