Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-39793

How to treat/eliminate CVE-2021-4048 (reported for arpack_combined_all-0.1.jar)

    XMLWordPrintableJSON

Details

    • Question
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 3.3.0
    • None
    • MLlib
    • None

    Description

      The following CVE is reported for arpack_combined_all-0.1.jar which is used inĀ  org.apache.spark:spark-graphx_2.13 which in turn is used in mllib : https://nvd.nist.gov/vuln/detail/CVE-2021-4048

      Questions: how relevant is this issue, can it be safely ignored?

      It seems that arpack_combined_all-0.1.jar is really needed because when removing it from the CLASSPATH, a NoClassDefFoundError: org/netlib/blas/Sdot is reported.

      Attachments

        Activity

          People

            Unassigned Unassigned
            alexnb Alexander Bouriakov
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: