[SPARK-39793] How to treat/eliminate CVE-2021-4048 (reported for arpack_combined_all-0.1.jar) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Question
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.3.0
Fix Version/s: None
Component/s: MLlib
Labels:
None

Description

The following CVE is reported for arpack_combined_all-0.1.jar which is used in org.apache.spark:spark-graphx_2.13 which in turn is used in mllib : https://nvd.nist.gov/vuln/detail/CVE-2021-4048

Questions: how relevant is this issue, can it be safely ignored?

It seems that arpack_combined_all-0.1.jar is really needed because when removing it from the CLASSPATH, a NoClassDefFoundError: org/netlib/blas/Sdot is reported.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Alexander Bouriakov

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/Jul/22 14:49

Updated:: 15/Jul/22 14:49