[jira] [Updated] (HIVE-28496) Address CVE-2020-28487 due to 4.20.0 version of vis.js

ASF GitHub Bot (Jira) Tue, 03 Sep 2024 05:38:06 -0700


     [ 
https://issues.apache.org/jira/browse/HIVE-28496?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


ASF GitHub Bot updated HIVE-28496:
----------------------------------
    Labels: pull-request-available  (was: )

> Address CVE-2020-28487 due to 4.20.0 version of vis.js
> ------------------------------------------------------
>
>                 Key: HIVE-28496
>                 URL: https://issues.apache.org/jira/browse/HIVE-28496
>             Project: Hive
>          Issue Type: Improvement
>            Reporter: Kiran Velumuri
>            Assignee: Kiran Velumuri
>            Priority: Major
>              Labels: pull-request-available
>
> This is to address CVE-2020-28487 coming from 4.20.0 version of vis.js from 
> the file vis.min.js. This file is being used in the recently added Query plan 
> tab in the HiveServer2 web UI.
>  
> The project vis.js has been split up into sub projects(from version 5.0.0) 
> from which we only require the Network sub-project. This sub-project contains 
> both vis.Network and vis.Dataset that we require from vis.min.js.
>  
> Link to CVE-2020-28487: 
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28487



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (HIVE-28496) Address CVE-2020-28487 due to 4.20.0 version of vis.js

Reply via email to