Hive / HIVE-28496

Address CVE-2020-28487 due to 4.20.0 version of vis.js


Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 4.1.0
    • None

    Description

      This is to address CVE-2020-28487, which comes from the 4.20.0 version of vis.js, in the file vis.min.js. This file is used in the recently added Query plan tab in the HiveServer2 web UI.

       

      The vis.js project has been split up into sub-projects (from version 5.0.0), of which we only require the Network sub-project. This sub-project contains both vis.Network and vis.DataSet, which we require from vis.min.js.

       

      Link to CVE-2020-28487: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28487

          People

            kiranvelumuri Kiran Velumuri
            kiranvelumuri Kiran Velumuri