[SPARK-39740] vis-timeline @ 4.2.1 vulnerable to XSS attacks - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.2.1, 3.3.0
Fix Version/s: 3.5.0
Component/s: Web UI
Labels:
None

Description

Spark UI includes visjs/vis-timeline package@4.2.1, which is vulnerable to XSS attacks (Cross-site Scripting in vis-timeline · CVE-2020-28487 · GitHub Advisory Database). This version should be replaced with the next non-vulnerable issue - Release v7.4.4 · visjs/vis-timeline (github.com) or higher.

Attachments

Issue Links

links to

[Github] Pull Request #41613 (shrprasa)

[Github] Pull Request #41613 (shrprasa)

Activity

People

Assignee:: Shrikant Prasad

Reporter:: Eugene Shinn (Truveta)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11/Jul/22 05:59

Updated:: 24/Jun/23 15:05

Resolved:: 24/Jun/23 15:05