spark-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Richardson <ekrichard...@gmail.com>
Subject CVEs
Date Mon, 21 Jun 2021 22:27:23 GMT
Hi,

I am working with Spark 3.1.2 and getting several vulnerabilities popping
up. I am wondering if the Spark distros are scanned etc. and how people
resolve these.

For example. I am finding - https://nvd.nist.gov/vuln/detail/CVE-2020-25649

This looks like it is fixed in 2.11.0 -
https://github.com/FasterXML/jackson-databind/issues/2589 - but Spark
supplies 2.10.0.

Thanks,
Eric

Mime
View raw message