[HIVE-28496] Address CVE-2020-28487 due to 4.20.0 version of vis.js - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.1.0
Component/s: None
Labels:
- pull-request-available

Description

This is to address CVE-2020-28487 coming from 4.20.0 version of vis.js from the file vis.min.js. This file is being used in the recently added Query plan tab in the HiveServer2 web UI.

The project vis.js has been split up into sub projects(from version 5.0.0) from which we only require the Network sub-project. This sub-project contains both vis.Network and vis.Dataset that we require from vis.min.js.

Link to CVE-2020-28487: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28487

Attachments

Issue Links

links to

GitHub Pull Request #5430

Activity

People

Assignee:: Kiran Velumuri

Reporter:: Kiran Velumuri

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 03/Sep/24 11:41

Updated:: 28/Sep/24 02:51

Resolved:: 28/Sep/24 02:51