[ https://issues.apache.org/jira/browse/SPARK-43864?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17728759#comment-17728759 ]
BingKun Pan edited comment on SPARK-43864 at 6/2/23 2:20 PM:
-------------------------------------------------------------

@[~gaoyajun02] Okay, let me investigate it first.

was (Author: panbingkun):
    [~gaoyajun02] Okay, let me investigate it first.

> Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SPARK-43864
>                 URL: https://issues.apache.org/jira/browse/SPARK-43864
>             Project: Spark
>          Issue Type: Improvement
>          Components: Build
>    Affects Versions: 3.4.0
>            Reporter: gaoyajun02
>            Priority: Minor
>
> CVE-2023-26119 Detail: [https://nvd.nist.gov/vuln/detail/CVE-2023-26119]
> It is recommended to replace 'net.sourceforge.htmlunit' by 'org.htmlunit' in spark
> {code:java}
> <dependency>
>   <groupId>org.htmlunit</groupId>
>   <artifactId>htmlunit</artifactId>
>   <scope>test</scope>
> </dependency>
> <dependency>
>   <groupId>org.htmlunit</groupId>
>   <artifactId>htmlunit-core-js</artifactId>
>   <scope>test</scope>
> </dependency>
> {code}
> see: [https://www.htmlunit.org/migration.html]

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
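
An added example, not part of the Jira message or of Spark's build: a small check that lists every dependency in a POM still using the 'net.sourceforge.htmlunit' group and pairs it with the 'org.htmlunit' coordinate recommended in the issue. The sample POM is constructed, and the function and constant names are hypothetical; artifacts other than the two named in the issue get no suggested coordinate.

```python
import xml.etree.ElementTree as ET

LEGACY_GROUP = "net.sourceforge.htmlunit"  # group the issue recommends replacing
# Replacement coordinates exactly as given in the issue's dependency snippet.
REPLACEMENTS = {"htmlunit": "org.htmlunit:htmlunit",
                "htmlunit-core-js": "org.htmlunit:htmlunit-core-js"}

# Constructed sample POM for illustration (not Spark's real pom.xml).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencyManagement><dependencies>
    <dependency>
      <groupId>net.sourceforge.htmlunit</groupId>
      <artifactId>htmlunit</artifactId>
      <version>${htmlunit.version}</version>
    </dependency>
  </dependencies></dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>net.sourceforge.htmlunit</groupId>
      <artifactId>htmlunit-core-js</artifactId>
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.htmlunit</groupId>
      <artifactId>htmlunit</artifactId>
      <scope>test</scope>
    </dependency>
  </dependencies>
</project>"""

def local(tag):
    """Drop the XML namespace so namespaced and bare POMs are handled alike."""
    return tag.rsplit("}", 1)[-1]

def find_legacy_htmlunit(pom_text):
    """Return (artifactId, declared version or None, replacement or None) tuples."""
    findings = []
    for el in ET.fromstring(pom_text).iter():
        if local(el.tag) != "dependency":
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in el}
        if fields.get("groupId") == LEGACY_GROUP:
            art = fields.get("artifactId", "")
            # A missing version means it is managed elsewhere (parent or BOM).
            findings.append((art, fields.get("version"), REPLACEMENTS.get(art)))
    return findings

if __name__ == "__main__":
    for art, ver, new in find_legacy_htmlunit(SAMPLE_POM):
        print(f"{LEGACY_GROUP}:{art} version={ver or 'managed'} -> {new or 'see migration guide'}")
```

The check covers both the dependencyManagement entry and the module-level dependency, since replacing only one of them leaves the old group on the test classpath.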