Количество 2
Количество 2
CVE-2021-26544
Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating.
GHSA-74qp-233x-p5j8
Apache Livy Cross-site scripting (XSS) in session names
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-26544 Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating. | CVSS3: 5.4 | 2% Низкий | почти 5 лет назад |
| GHSA-74qp-233x-p5j8 Apache Livy Cross-site scripting (XSS) in session names | CVSS3: 5.4 | 2% Низкий | больше 4 лет назад |
Уязвимостей на страницу