Palakur Eshwitha Sai created YARN-11739:
-------------------------------------------

             Summary: Update jquery in hadoop-yarn-catalog-webapp due to CVEs
                 Key: YARN-11739
                 URL: https://issues.apache.org/jira/browse/YARN-11739
             Project: Hadoop YARN
          Issue Type: Task
          Components: webapp
            Reporter: Palakur Eshwitha Sai


The hadoop-yarn-applications-catalog-webapp WAR file, which is bundled as part 
of the Hadoop tarball, has jQuery 3.3.1, which is identified with the below CVEs:

[CVE-2019-11358|https://nvd.nist.gov/vuln/detail/CVE-2019-11358]

[CVE-2020-11023|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023]

[CVE-2020-23064|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23064]

Sonatype CWE: [79|https://cwe.mitre.org/data/definitions/79.html]

Occurrences:
 * bower.json located at hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery
 * core.js located at hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
 * jquery.js located at hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
 * jquery.min.js located at hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist

and 117 other files.

 

 


