[jira] [Commented] (SPARK-39740) vis-timeline @ 4.2.1 vulnerable to XSS attacks

ASF GitHub Bot (Jira) Fri, 16 Jun 2023 02:24:16 -0700


    [ 
https://issues.apache.org/jira/browse/SPARK-39740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17733413#comment-17733413
 ]


ASF GitHub Bot commented on SPARK-39740:
----------------------------------------

User 'shrprasa' has created a pull request for this issue:
https://github.com/apache/spark/pull/41613

> vis-timeline @ 4.2.1 vulnerable to XSS attacks
> ----------------------------------------------
>
>                 Key: SPARK-39740
>                 URL: https://issues.apache.org/jira/browse/SPARK-39740
>             Project: Spark
>          Issue Type: Bug
>          Components: Web UI
>    Affects Versions: 3.2.1, 3.3.0
>            Reporter: Eugene Shinn (Truveta)
>            Priority: Major
>
> Spark UI includes visjs/vis-timeline package@4.2.1, which is vulnerable to 
> XSS attacks ([Cross-site Scripting in vis-timeline · CVE-2020-28487 · GitHub 
> Advisory Database|https://github.com/advisories/GHSA-9mrv-456v-pf22]). This 
> version should be replaced with the next non-vulnerable issue - [Release 
> v7.4.4 · visjs/vis-timeline 
> (github.com)|https://github.com/visjs/vis-timeline/releases/tag/v7.4.4] or 
> higher.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

[jira] [Commented] (SPARK-39740) vis-timeline @ 4.2.1 vulnerable to XSS attacks

Reply via email to