Lucene search
China National Vulnerability DatabaseCNVD-2022-74075HistoryNov 03, 2022 - 12:00 a.m.
Apache Spark Injection Vulnerability
2022-11-0300:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Apache Spark, a large-scale data processing engine from the Apache Foundation that supports acyclic data streaming and in-memory computing, is vulnerable to injection. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in a user’s web browser.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache apache spark | le | 3.2.1 | |
| apache apache spark | eq | 3.3.0 |
Related
nessus
nessus
Apache Spark < 3.2.2 / 3.3.0 < 3.3.1 XSS (CVE-2022-31777)
2023-10-04 00:00:00
Oracle Business Intelligence Enterprise Edition (OAS) (July 2023 CPU)
2023-07-21 00:00:00
prion
prion
Cross site scripting
2022-11-01 16:15:00
veracode
veracode
Cross-site Scripting (XSS)
2022-11-02 02:13:04
redhatcve
redhatcve
CVE-2022-31777
2022-11-23 16:56:13
osv
osv
Apache Spark vulnerable to Log Injection
2022-11-01 19:00:29
BIT-spark-2022-31777
2024-03-06 11:05:38
CVE-2022-31777
2022-11-01 16:15:13
ibm
ibm
cve
cve
CVE-2022-31777
2022-11-01 16:15:00
github
github
Apache Spark vulnerable to Log Injection
2022-11-01 19:00:29
cvelist
cvelist
CVE-2022-31777 Apache Spark XSS vulnerability in log viewer UI Javascript
2022-11-01 00:00:00
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Related for CNVD-2022-74075