Sundar created SPARK-39020:
------------------------------
Summary: [CVE-2020-9480] Transitive dependency "unused" from
spark-sql_2.12 highlight as vulnerable in dependency tracker
Key: SPARK-39020
URL: https://issues.apache.org/jira/browse/SPARK-39020
Project: Spark
Issue Type: Question
Components: Spark Core
Affects Versions: 3.2.1
Reporter: Sundar
I am using spark-sql_2.12 dependency version 3.2.1 in my project. My dependency
tracker highlights the transitive dependency "unused" from spark-sql_2.12
as vulnerable. I check there is no update for this artifacts since 2014. Is the
artifact used anywhere in spark ?
To resolve this vulnerability, can I exclude this "unused" artifact from
spark-sql_2.12 ? Will it cause any issues in my project ?
!image-2022-04-26-14-50-31-521.png!
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
