9 matches found
Apache Spark < 3.2.2 / 3.3.0 < 3.3.1 XSS (CVE-2022-31777)
The version of Apache Spark installed on the remote host is prior to 3.2.2 or is 3.3.0. It is, therefore, affected by a cross-site scripting (XSS) vulnerability. An authenticated, remote attacker can execute arbitrary JavaScript in the web browser of a user by including a malicious payload into the...
CVE-2022-31777
A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user by including a malicious payload in the logs, which are returned in logs rendered in the UI...
CVE-2022-31777
creationtimestamp | type | source
---|---|---
2022-11-01 19:13:50+00:00 | seen | https://t.me/cibsecurity/52390
2023-11-11 17:45:13+00:00 | seen | https://t.me/arpsyndicate/88
2025-05-06 04:20:18+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/15046...
ae.teletronics.nlp:w2vec (=1.0), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +1547 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.11 (>=2.0.0-preview <=2.4.8)
org.apache.spark:spark-core_2.11 MAVEN version =2.0.0-preview, =0.25-rc1, =0.25, =0.25, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.1, =0.0.1, =0.42.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2022-31777 Source advisory: OSV:GHSA-43XG-8WMJ-CW8H...
com.datastax.spark:spark-cassandra-connector-demos_2.10 (>=1.0.0 <=1.0.6), com.datastax.spark:spark-cassandra-connector-java_2.10 (>=1.0.0 <=1.0.6) +23 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.10 (>=0.9.0-incubating <=0.9.2)
org.apache.spark:spark-core_2.10 MAVEN version =0.9.0-incubating, =1.0.0, =1.0.0, =1.0.0, =0.2.2, =0.2.2, =0.2.2, =0.9.0-C2-EA, =0.5.0, =0.9.0, =0.8.3, =0.9.0-incubating, =0.9.0-incubating, =0.9.2 and more Source cves: CVE-2022-31777 Source advisory: OSV:GHSA-43XG-8WMJ-CW8H...
ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.4_2.12 (>=0.25 <=1.2.7) +1152 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.12 (>=2.4.0 <=3.2.1)
org.apache.spark:spark-core_2.12 MAVEN version =2.4.0, =0.25-rc1, =0.25, =0.25, =1.0.1, =1.0.6, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.0.1, =3.34.0.3-1-3.0, =3.46.0.6-1-3.1 - ai.hunters:spark-adaptive-file-connector2.12 =1.0.0 and more Source cves: CVE-2022-31777 Source...
abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +150 more potentially affected by CVE-2022-31777 via pyspark (>=2.1.2 <=3.2.1)
pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.5.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 - bigdl-chronos-spark3 =2.0.0 and more Source cves: CVE-2022-31777 Source advisory: OSV:GHSA-43XG-8WMJ-CW8H...
abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +150 more potentially affected by CVE-2022-31777 via pyspark (>=2.1.2 <=3.2.1)
pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.5.1, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =2.5.0b20240324 - bigdl-chronos =2.0.0 - bigdl-chronos-spark2 =2.0.0 - bigdl-chronos-spark3 =2.0.0 and more Source cves: CVE-2022-31777 Source advisory: OSV:PYSEC-2022-42976...
CVE-2022-31777 Apache Spark XSS vulnerability in log viewer UI Javascript
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user by including a malicious payload in the logs, which would be returned in logs rendered in the UI...