
9 matches found

Tenable Nessus
added 2023/10/04 12:00 a.m. | 26 views

Apache Spark < 3.2.2 / 3.3.0 < 3.3.1 XSS (CVE-2022-31777)

The version of Apache Spark installed on the remote host is prior to 3.2.2 or is 3.3.0. It is, therefore, affected by a cross-site scripting (XSS) vulnerability. An authenticated, remote attacker can execute arbitrary JavaScript in the web browser of a user by including a malicious payload into the...

CVSS 5.4 | AI score 6.7 | EPSS 0.01473
Exploits: 0 | References: 2

RedhatCVE
added 2022/11/23 4:56 p.m. | 34 views

CVE-2022-31777

A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI...

CVSS 5.4 | AI score 2.7 | EPSS 0.01473
Exploits: 0 | References: 3

Circl
added 2022/11/01 7:13 p.m. | 5 views

CVE-2022-31777

creationtimestamp | type | source
---|---|---
2022-11-01 19:13:50+00:00 | seen | https://t.me/cibsecurity/52390
2023-11-11 17:45:13+00:00 | seen | https://t.me/arpsyndicate/88
2025-05-06 04:20:18+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/15046...

CVSS 5.4 | AI score 6.1 | EPSS 0.01473
Exploits: 0 | References: 3

vulnersOsv
added 2022/11/01 7:00 p.m. | 4 views

ae.teletronics.nlp:w2vec (=1.0), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +1547 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.11 (>=2.0.0-preview <=2.4.8)

org.apache.spark:spark-core_2.11 MAVEN version =2.0.0-preview, =0.25-rc1, =0.25, =0.25, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.1, =0.0.1, =0.42.1, =1.4.1, =1.4.1, =1.4.3 and more. Source CVEs: CVE-2022-31777. Source advisory: OSV:GHSA-43XG-8WMJ-CW8H...

CVSS 5.4 | AI score 6.3 | EPSS 0.01473
Exploits: 0

vulnersOsv
added 2022/11/01 7:00 p.m. | 4 views

com.datastax.spark:spark-cassandra-connector-demos_2.10 (>=1.0.0 <=1.0.6), com.datastax.spark:spark-cassandra-connector-java_2.10 (>=1.0.0 <=1.0.6) +23 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.10 (>=0.9.0-incubating <=0.9.2)

org.apache.spark:spark-core_2.10 MAVEN version =0.9.0-incubating, =1.0.0, =1.0.0, =1.0.0, =0.2.2, =0.2.2, =0.2.2, =0.9.0-C2-EA, =0.5.0, =0.9.0, =0.8.3, =0.9.0-incubating, =0.9.0-incubating, =0.9.2 and more. Source CVEs: CVE-2022-31777. Source advisory: OSV:GHSA-43XG-8WMJ-CW8H...

CVSS 5.4 | AI score 6.4 | EPSS 0.01473
Exploits: 0

vulnersOsv
added 2022/11/01 7:00 p.m. | 7 views

ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.4_2.12 (>=0.25 <=1.2.7) +1152 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.12 (>=2.4.0 <=3.2.1)

org.apache.spark:spark-core_2.12 MAVEN version =2.4.0, =0.25-rc1, =0.25, =0.25, =1.0.1, =1.0.6, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.0.1, =3.34.0.3-1-3.0, =3.46.0.6-1-3.1 - ai.hunters:spark-adaptive-file-connector2.12 =1.0.0 and more. Source CVEs: CVE-2022-31777. Source...

CVSS 5.4 | AI score 6.2 | EPSS 0.01473
Exploits: 0

vulnersOsv
added 2022/11/01 7:00 p.m. | 8 views

abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +150 more potentially affected by CVE-2022-31777 via pyspark (>=2.1.2 <=3.2.1)

pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.5.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 - bigdl-chronos-spark3 =2.0.0 and more. Source CVEs: CVE-2022-31777. Source advisory: OSV:GHSA-43XG-8WMJ-CW8H...

CVSS 5.4 | AI score 6.4 | EPSS 0.01473
Exploits: 0

vulnersOsv
added 2022/11/01 4:15 p.m. | 6 views

abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +150 more potentially affected by CVE-2022-31777 via pyspark (>=2.1.2 <=3.2.1)

pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.5.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 - bigdl-chronos-spark3 =2.0.0 and more. Source CVEs: CVE-2022-31777. Source advisory: OSV:PYSEC-2022-42976...

CVSS 5.4 | AI score 6.4 | EPSS 0.01473
Exploits: 0

Vulnrichment
added 2022/11/01 12:00 a.m. | 4 views

CVE-2022-31777 Apache Spark XSS vulnerability in log viewer UI Javascript

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

AI score 5.4 | EPSS 0.01473
Exploits: 0 | References: 2