[ https://issues.apache.org/jira/browse/YARN-11739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Palakur Eshwitha Sai updated YARN-11739:
----------------------------------------
    Description: 
The hadoop-yarn-applications-catalog-webapp war file which is bundled as a part 
of hadoop tarball has *jquery* *3.3.1* which is identified with the below CVEs:

[CVE-2019-11358|https://nvd.nist.gov/vuln/detail/CVE-2019-11358]

[CVE-2020-11023|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023]

[CVE-2020-23064|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23064]

Sonatype CWE: [79|https://cwe.mitre.org/data/definitions/79.html]

Occurrences:
 * bower.json located at 
hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery
 * core.js located at 
hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
 * jquery.js located at 
hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
 * jquery.min.js located at 
hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist

and 117 other files.

  was:
The hadoop-yarn-applications-catalog-webapp war file which is bundled as a part 
of hadoop tarball has jquery 3.3.1 which is identified with the below CVEs:

[CVE-2019-11358|https://nvd.nist.gov/vuln/detail/CVE-2019-11358]

[CVE-2020-11023|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023]

[CVE-2020-23064|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23064]

Sonatype CWE: [79|https://cwe.mitre.org/data/definitions/79.html]

Occurrences:
 * bower.json located at 
hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery
 * core.js located at 
hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
 * jquery.js located at 
hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
 * jquery.min.js located at 
hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist

and 117 other files.

> Update jquery in hadoop-yarn-catalog-webapp due to CVEs
> -------------------------------------------------------
>
>                 Key: YARN-11739
>                 URL: https://issues.apache.org/jira/browse/YARN-11739
>             Project: Hadoop YARN
>          Issue Type: Task
>          Components: webapp
>            Reporter: Palakur Eshwitha Sai
>            Priority: Major
>
> The hadoop-yarn-applications-catalog-webapp war file which is bundled as a 
> part of hadoop tarball has *jquery* *3.3.1* which is identified with the 
> below CVEs:
> [CVE-2019-11358|https://nvd.nist.gov/vuln/detail/CVE-2019-11358]
> [CVE-2020-11023|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023]
> [CVE-2020-23064|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23064]
> Sonatype CWE: [79|https://cwe.mitre.org/data/definitions/79.html]
> Occurrences:
>  * bower.json located at 
> hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery
>  * core.js located at 
> hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
>  * jquery.js located at 
> hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
>  * jquery.min.js located at 
> hadoop-dist/target/hadoop-3.3.6-270.tar.gz/hadoop-3.3.6-270/share/hadoop/yarn/hadoop-yarn-applications-catalog-webapp-3.3.6-270.war/vendor/jquery/dist
> and 117 other files.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
