CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript

["Sean R. Owen" <srowen () apache org>]

Severity: moderate

Description:

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers 
to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which 
would be returned in logs rendered in the UI.

This issue is being tracked as SPARK-39505

Mitigation:

Upgrade to Apache Spark maintenance releases 3.2.2, or 3.3.1 or later

Credit:

Florian Walter (Veracode)