Bence Kosztolnik created YARN-11356: ---------------------------------------
Summary: Upgrade DataTables to 1.11.5 to fix CVEs Key: YARN-11356 URL: https://issues.apache.org/jira/browse/YARN-11356 Project: Hadoop YARN Issue Type: Improvement Components: yarn Affects Versions: 3.3.4 Reporter: Bence Kosztolnik This ticket is intended to fix the following CVEs in the *DataTables.net* lib. *CVE-2020-28458 (HIGH severity)* - All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix forĀ [https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806]. https://nvd.nist.gov/vuln/detail/CVE-2020-28458 *CVE-2021-23445 (MEDIUM severity)* - This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped. https://nvd.nist.gov/vuln/detail/CVE-2021-23445 -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org