Sujan Pabbathi created SPARK-54322:
--------------------------------------
Summary: org.apache.ivy:ivy
Key: SPARK-54322
URL: https://issues.apache.org/jira/browse/SPARK-54322
Project: Spark
Issue Type: Dependency upgrade
Components: Spark Core
Affects Versions: 3.5.7
Reporter: Sujan Pabbathi
Upgrade Apache Ivy to 2.5.2 due to CVE-2022-46751.
Spark-core_2.12 had a library dependency
([org.apache.ivy:ivy|https://deps.dev/maven/org.apache.ivy%3Aivy/2.5.1]:2.5.1).
It has an 8.2 High vulnerability, [Apache Ivy External Entity Reference
vulnerability|https://deps.dev/advisory/osv/GHSA-2jc4-r94c-rp7h]. It is fixed
in version 2.5.2. Please upgrade Ivy to 2.5.2.