[ 
https://issues.apache.org/jira/browse/YARN-11739?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17897425#comment-17897425
 ] 

Bhavik Patel commented on YARN-11739:
-------------------------------------

[~HadoopDev] [~committer] Kindly help to fix these critical findings.

> Update jquery in hadoop-yarn-catalog-webapp due to CVEs
> -------------------------------------------------------
>
>                 Key: YARN-11739
>                 URL: https://issues.apache.org/jira/browse/YARN-11739
>             Project: Hadoop YARN
>          Issue Type: Task
>          Components: webapp
>            Reporter: Palakur Eshwitha Sai
>            Priority: Major
>
> The hadoop-yarn-applications-catalog-webapp war file which is bundled as a 
> part of hadoop tarball has *jquery* *3.3.1* which is identified with the 
> below CVEs:
> [CVE-2019-11358|https://nvd.nist.gov/vuln/detail/CVE-2019-11358]
> [CVE-2020-11023|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023]
> [CVE-2020-23064|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23064]
> Sonatype CWE: [79|https://cwe.mitre.org/data/definitions/79.html]
> Occurrences:
>  * bower.json located at 
> hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery
>  * core.js located at 
> hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
>  * jquery.js located at 
> hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
>  * jquery.min.js located at 
> hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
> and 117 other files.
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
