Description
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.
A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Fuse 7 | apache-spark | Will not fix | | |
| Red Hat Integration Camel K 1 | apache-spark | Will not fix | | |
| Red Hat Integration Camel Quarkus 1 | apache-spark | Will not fix | | |
| Red Hat JBoss Data Grid 7 | apache-spark | Out of support scope | | |
| RHINT Camel-Springboot 3.20.1 | apache-spark | Fixed | RHSA-2023:2100 | 03.05.2023 |
Additional information
Status:
EPSS
CVSS3: 5.4 Medium