[ https://issues.apache.org/jira/browse/HDFS-16860?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hemanth Boyina resolved HDFS-16860.
-----------------------------------
    Fix Version/s: 3.4.0
       Resolution: Fixed

> Upgrade moment.min.js to 2.29.4
> -------------------------------
>
>                 Key: HDFS-16860
>                 URL: https://issues.apache.org/jira/browse/HDFS-16860
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: build, ui
>    Affects Versions: 3.4.0
>            Reporter: D M Murali Krishna Reddy
>            Assignee: Anurag Parvatikar
>            Priority: Major
>              Labels: pull-request-available, transitive-cve
>             Fix For: 3.4.0
>
>
> Upgrade moment.min.js to 2.29.4 to resolve
> https://nvd.nist.gov/vuln/detail/CVE-2022-31129
> "Users may notice a noticeable slowdown is observed with inputs above 10k
> characters. Users who pass user-provided strings without sanity length checks
> to moment constructor are vulnerable to (Re)DoS attacks. The problem is
> patched in 2.29.4"
> this only appears to affect the UI, not the yarn services, so it is a
> self-harm DoS rather than anything important. "if you pass in big strings the
> ui slows down"

--
This message was sent by Atlassian Jira
(v8.20.10#820010)