Re: Vulnerabilities in htrace-core4-4.1.0-incubating.jar jar used in spark.

2022-05-02 Thread Artemis User
What scanner did you use? Looks like all CVEs you listed for jackson-databind-xxx.jar are for older versions (2.9.10.x).  A quick search on NVD revealed that there is only one CVE (CVE-2020-36518) that affects your Spark versions.  This CVE (not on your scanned CVE list) is on jackson-databind

Re: Vulnerabilities in htrace-core4-4.1.0-incubating.jar jar used in spark.

2022-05-01 Thread HARSH TAKKAR
We scanned 3 versions of spark 3.0.0, 3.1.3, 3.2.1

On Tue, 26 Apr, 2022, 18:46 Bjørn Jørgensen, wrote:
> What version of spark is it that you have scanned?
>
> On Tue, 26 Apr 2022 at 12:48, HARSH TAKKAR wrote:
>> Hello,
>>
>> Please let me know if there is a fix available for following

Re: Vulnerabilities in htrace-core4-4.1.0-incubating.jar jar used in spark.

2022-04-26 Thread Bjørn Jørgensen
What version of spark is it that you have scanned?

On Tue, 26 Apr 2022 at 12:48, HARSH TAKKAR wrote:
> Hello,
>
> Please let me know if there is a fix available for following
> vulnerabilities in htrace jar used in spark jars folder.
>
> LIBRARY: com.fasterxml.jackson.core:jackson-databind

Re: Vulnerabilities in htrace-core4-4.1.0-incubating.jar jar used in spark.

2022-04-26 Thread Bjørn Jørgensen
Spark version 3.3 will have this fixed. Spark github 35981

On Tue, 26 Apr 2022 at 12:48, HARSH TAKKAR wrote:
> Hello,
>
> Please let me know if there is a fix available for following
> vulnerabilities in htrace jar used in spark jars folder.

Vulnerabilities in htrace-core4-4.1.0-incubating.jar jar used in spark.

2022-04-26 Thread HARSH TAKKAR
Hello,

Please let me know if there is a fix available for following vulnerabilities in htrace jar used in spark jars folder.

LIBRARY: com.fasterxml.jackson.core:jackson-databind

VULNERABILITY IDs : CVE-2020-9548 CVE-2020-9547 CVE-2020-8840 CVE-2020-36179 CVE-2020-35491