Lucene search

Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11

🗓️ 09 Nov 2018 17:08:43Reported by GitHub Advisory DatabaseType

Moderate severity vulnerability in org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 allows attackers to trick users into executing scripts through Spark web UI

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Veracode	Cross-site Scripting (XSS)	24 Apr 201705:31	–	veracode
CVE	CVE-2017-7678	12 Jul 201713:29	–	cve
NVD	CVE-2017-7678	12 Jul 201713:29	–	nvd
IBM Security Bulletins	Security Bulletin: IBM Development Package for Apache Spark might create a remote exploitation vector against old Internet Explorer browsers through XSS	15 Jun 201807:07	–	ibm
Cvelist	CVE-2017-7678	12 Jul 201713:00	–	cvelist
Prion	Code injection	12 Jul 201713:29	–	prion
OSV	Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11	9 Nov 201817:43	–	osv
OSV	CVE-2017-7678	12 Jul 201713:29	–	osv

Vulners

Node

org.apache.spark spark-core_2.10Range<2.2.0

org.apache.spark spark-core_2.11Range<2.2.0

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-7678
github	www.github.com/advisories/GHSA-r34r-f84j-5x4x
apache-spark-developers-list	www.apache-spark-developers-list.1001551.n3.nabble.com/CVE-2017-7678-Apache-Spark-XSS-web-UI-MHTML-vulnerability-td21947.html
securityfocus	www.securityfocus.com/bid/99603

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Nov 2018 17:43Current

0.5Low risk

Vulners AI Score0.5

CVSS24.3

CVSS36.1

EPSS0.0179

CWE-79