[
https://issues.apache.org/jira/browse/SPARK-35054?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17331634#comment-17331634
]
Shashank Jain commented on SPARK-35054:
---------------------------------------
Hi [~srowen] i have creating docker for spark with base openjdk and it is
coming from openjdk and also from some libraries which spark docker installed
this vulnerability coming through that as well.
Currently when we are creating spark docker it showing critical vulnerability
under that.
Let me know if you need any other info and please open the ticket as currently
we are still stuck because of this issue.
> Getting Critical Vulnerability CVE-2021-20231 on spark 3.0.0 branch
> -------------------------------------------------------------------
>
> Key: SPARK-35054
> URL: https://issues.apache.org/jira/browse/SPARK-35054
> Project: Spark
> Issue Type: Bug
> Components: Spark Core
> Affects Versions: 3.0.0
> Reporter: Shashank Jain
> Priority: Major
>
> Currently while running Trivy Scan on Spark build we are getting the
> following critical vulnerability
> CVE-2021-20231
> CVE-2021-20232
> How to fix these vulnerabilities in spark 3.0.0 branch ?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
