Количество 3
Количество 3
CVE-2017-7678
In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs.
CVE-2017-7678
In Apache Spark before 2.2.0, it is possible for an attacker to take a ...
GHSA-r34r-f84j-5x4x
Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-7678 In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs. | CVSS3: 6.1 | 2% Низкий | больше 8 лет назад |
| CVE-2017-7678 In Apache Spark before 2.2.0, it is possible for an attacker to take a ... | CVSS3: 6.1 | 2% Низкий | больше 8 лет назад |
| GHSA-r34r-f84j-5x4x Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 | CVSS3: 6.1 | 2% Низкий | около 7 лет назад |
Уязвимостей на страницу