oss-sec mailing list archives
CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript
From: "Sean R. Owen" <srowen () apache org>
Date: Tue, 01 Nov 2022 15:03:50 +0000
Severity: moderate Description: A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. This issue is being tracked as SPARK-39505 Mitigation: Upgrade to Apache Spark maintenance releases 3.2.2, or 3.3.1 or later Credit: Florian Walter (Veracode)
Current thread:
- CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript Sean R. Owen (Nov 01)