[ https://issues.apache.org/jira/browse/SPARK-35519?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Louis DEFLANDRE updated SPARK-35519: ------------------------------------ Description: Vulnerabilities scanner is highlighting following CRITICAL vulnerabilities in {{spark-3.0.2-bin-hadoop3.2}} coming from obsolete {{nimbus-jose-jwt}} {{4.41.1}} : * [CVE-2019-17195|https://nvd.nist.gov/vuln/detail/CVE-2019-17195] This package is shipped within {{jars/nimbus-jose-jwt-4.41.1.jar}} was: Vulnerabilities scanner is highlighting following CRITICAL vulnerabilities in `spark-3.0.2-bin-hadoop3.2` coming from obsolete `nimbus-jose-jwt` `4.41.1` : * [CVE-2019-17195|https://nvd.nist.gov/vuln/detail/CVE-2019-17195] This package is shipped within `jars/nimbus-jose-jwt-4.41.1.jar` > Critical Vulnerabilities: nimbusds_nimbus-jose-jwt 4.41.1 shipped > ----------------------------------------------------------------- > > Key: SPARK-35519 > URL: https://issues.apache.org/jira/browse/SPARK-35519 > Project: Spark > Issue Type: Bug > Components: Build > Affects Versions: 3.0.2 > Reporter: Louis DEFLANDRE > Priority: Major > > Vulnerabilities scanner is highlighting following CRITICAL vulnerabilities in > {{spark-3.0.2-bin-hadoop3.2}} coming from obsolete {{nimbus-jose-jwt}} > {{4.41.1}} : > * [CVE-2019-17195|https://nvd.nist.gov/vuln/detail/CVE-2019-17195] > This package is shipped within {{jars/nimbus-jose-jwt-4.41.1.jar}} -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org