Eugene Shinn (Truveta) created SPARK-39740:
----------------------------------------------
Summary: vis-timeline @ 4.2.1 vulnerable to XSS attacks
Key: SPARK-39740
URL: https://issues.apache.org/jira/browse/SPARK-39740
Project: Spark
Issue Type: Bug
Components: Web UI
Affects Versions: 3.3.0, 3.2.1
Reporter: Eugene Shinn (Truveta)
Spark UI includes visjs/vis-timeline [email protected], which is vulnerable to XSS
attacks ([Cross-site Scripting in vis-timeline · CVE-2020-28487 · GitHub
Advisory Database|https://github.com/advisories/GHSA-9mrv-456v-pf22]). This
version should be replaced with the next non-vulnerable issue - [Release v7.4.4
· visjs/vis-timeline
(github.com)|https://github.com/visjs/vis-timeline/releases/tag/v7.4.4] or
higher.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
