Palakur Eshwitha Sai created HDFS-17610:
-------------------------------------------
Summary: Upgrade Bootstrap version used in HDFS UI to fix CVE
Key: HDFS-17610
URL: https://issues.apache.org/jira/browse/HDFS-17610
Project: Hadoop HDFS
Issue Type: Improvement
Reporter: Palakur Eshwitha Sai
The current versions of bootstrap has multiple medium severity CVEs reported
till date and needs to be updated to the latest versions with no reported CVEs.
[CVE-2024-6484|https://nvd.nist.gov/vuln/detail/CVE-2024-6484]
[CVE-2024-6531|https://nvd.nist.gov/vuln/detail/CVE-2024-6531]
[CVE-2024-6485|https://nvd.nist.gov/vuln/detail/CVE-2024-6485]
For [CVE-2024-6484|https://nvd.nist.gov/vuln/detail/CVE-2024-6484], our tool
states that:
This vulnerability affects all 4.x and 5.x versions and not only those leading
up to and including {{{}3.4.1{}}}.
For [CVE-2024-6531|https://nvd.nist.gov/vuln/detail/CVE-2024-6531], our tool
states that:
This vulnerability was introduced in version {{{}2.0.0{}}}, not {{4.0.0}} as
the advisory states. Additionally, this vulnerability affects all 5.x versions
and not only the versions leading up to and including {{{}4.6.2{}}}.
Therefore, alternative upgrade path needs to be found for the same as there is
no non-vulnerable upgrade path for this component/package at the moment.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
