[
https://issues.apache.org/jira/browse/SPARK-32723?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17205607#comment-17205607
]
Apache Spark commented on SPARK-32723:
--------------------------------------
User 'n-marion' has created a pull request for this issue:
https://github.com/apache/spark/pull/29922
> Upgrade to jQuery 3.5.1
> -----------------------
>
> Key: SPARK-32723
> URL: https://issues.apache.org/jira/browse/SPARK-32723
> Project: Spark
> Issue Type: Bug
> Components: Spark Core
> Affects Versions: 3.0.0
> Reporter: Ashish Kumar Singh
> Assignee: Peter Toth
> Priority: Major
> Labels: Security
> Fix For: 3.1.0
>
>
> Spark 3.0, Spark 2.4.x uses JQuery version < 3.5 which has known security
> vulnerability in Spark Master UI and Spark Worker UI.
> Can we please upgrade JQuery to 3.5 and above ?
> [https://www.tenable.com/plugins/nessus/136929]
> ??According to the self-reported version in the script, the version of JQuery
> hosted on the remote web server is greater than or equal to 1.2 and prior to
> 3.5.0. It is, therefore, affected by multiple cross site scripting
> vulnerabilities.??
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
