Lucene search
HistoryNov 01, 2022 - 4:15 p.m.
CVE-2022-31777
apache spark
remote attack
cross-site scripting
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
30.3%
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.
Affected configurations
Node
apachesparkRange<3.2.2
ORapachesparkMatch3.3.0
Related
ibm
ibm
osv
osv
BIT-spark-2022-31777
2024-03-06 11:05:38
Apache Spark vulnerable to Log Injection
2022-11-01 19:00:29
CVE-2022-31777
2022-11-01 16:15:13
cnvd
cnvd
Apache Spark Injection Vulnerability
2022-11-03 00:00:00
nessus
nessus
Apache Spark < 3.2.2 / 3.3.0 < 3.3.1 XSS (CVE-2022-31777)
2023-10-04 00:00:00
Oracle Business Intelligence Enterprise Edition (OAS) (July 2023 CPU)
2023-07-21 00:00:00
prion
prion
Cross site scripting
2022-11-01 16:15:00
redhatcve
redhatcve
CVE-2022-31777
2022-11-23 16:56:13
veracode
veracode
Cross-site Scripting (XSS)
2022-11-02 02:13:04
cve
cve
CVE-2022-31777
2022-11-01 16:15:13
github
github
Apache Spark vulnerable to Log Injection
2022-11-01 19:00:29
cvelist
cvelist
CVE-2022-31777 Apache Spark XSS vulnerability in log viewer UI Javascript
2022-11-01 00:00:00
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
30.3%
Related for NVD:CVE-2022-31777