Palakur Eshwitha Sai created YARN-11739:
-------------------------------------------

             Summary: Update jquery in hadoop-yarn-catalog-webapp due to CVEs
                 Key: YARN-11739
                 URL: https://issues.apache.org/jira/browse/YARN-11739
             Project: Hadoop YARN
          Issue Type: Task
          Components: webapp
            Reporter: Palakur Eshwitha Sai

The hadoop-yarn-applications-catalog-webapp war file which is bundled as a part of hadoop tarball has jquery 3.3.1 which is identified with the below CVEs:

[CVE-2019-11358|https://nvd.nist.gov/vuln/detail/CVE-2019-11358]
[CVE-2020-11023|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023]
[CVE-2020-23064|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23064]

Sonatype CWE: [79|https://cwe.mitre.org/data/definitions/79.html]

Occurrences:
* bower.json located at hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery
* core.js located at hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
* jquery.js located at hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
* jquery.min.js located at hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist

and 117 other files.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)