[ https://issues.apache.org/jira/browse/YARN-11356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bence Kosztolnik reassigned YARN-11356: --------------------------------------- Assignee: Bence Kosztolnik > Upgrade DataTables to 1.11.5 to fix CVEs > ---------------------------------------- > > Key: YARN-11356 > URL: https://issues.apache.org/jira/browse/YARN-11356 > Project: Hadoop YARN > Issue Type: Improvement > Components: yarn > Affects Versions: 3.3.4 > Reporter: Bence Kosztolnik > Assignee: Bence Kosztolnik > Priority: Major > > This ticket is intended to fix the following CVEs in the *DataTables.net* lib. > *CVE-2020-28458 (HIGH severity)* - All versions of package datatables.net are > vulnerable to Prototype Pollution due to an incomplete fix forĀ > [https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806]. > https://nvd.nist.gov/vuln/detail/CVE-2020-28458 > *CVE-2021-23445 (MEDIUM severity)* - This affects the package datatables.net > before 1.11.3. If an array is passed to the HTML escape entities function it > would not have its contents escaped. > https://nvd.nist.gov/vuln/detail/CVE-2021-23445 -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org