Lucene search
+L

285 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/01/30 5:7 p.m.71 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Spark

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Spark. Vulnerability Details CVEID:CVE-2022-31777 DESCRIPTION: Apache Spark is vulnerable to cross-site scripting, caused by improper validation of user-supplied input in the log viewer. A...

5.4CVSS5.7AI score0.01473EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/01/12 12:0 a.m.21 views

Apache Spark < 3.2.2 Stored Cross-Site Scripting

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. Note that the...

5.4CVSS6.2AI score0.01473EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/01/12 12:0 a.m.28 views

Apache Spark 3.3.0 Stored Cross-Site Scripting

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. Note that the...

5.4CVSS6.2AI score0.01473EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2022/12/22 9:39 a.m.74 views

Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center MSTIC is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or...

10CVSS10AI score0.99964EPSS
Exploits229
VulnCheck KEV
VulnCheck KEV
added 2022/12/21 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-33891

Apache Spark contains a command injection vulnerability via Spark User Interface UI when Access Control Lists ACLs are enabled...

8.8CVSS7.4AI score0.92984EPSS
Exploits12References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/29 1:4 p.m.12 views

Security Bulletin: An Apache-Spark vulnerability affects IBM Operations Analytics Predictive Insights (PVR0342171 )

Summary An Apache-Spark vulnerability affects IBM Operations Analytics Predictive Insights PVR0342171. Apache-Spark is used by IBM Operations Analytics Predictive Insight in the data processing services. The vulnerabilities have been addressed. Vulnerability Details Refer to the security bulletin...

7.1AI score
Exploits0Affected Software1
Check Point Advisories
Check Point Advisories
added 2022/11/06 12:0 a.m.17 views

Apache Spark UI Command Injection (CVE-2022-33891)

A command execution vulnerability exists in Apache Spark. The vulnerability is due to errors in parsing user requests when the ACL is enabled...

4.4AI score0.92984EPSS
Exploits12
CNVD
CNVD
added 2022/11/03 12:0 a.m.32 views

Apache Spark Injection Vulnerability

Apache Spark, a large-scale data processing engine from the Apache Foundation that supports acyclic data streaming and in-memory computing, is vulnerable to injection. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in a user's web browser...

3.2AI score0.01473EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2022/11/01 7:0 p.m.7 views

ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.4_2.12 (>=0.25 <=1.2.7) +1152 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.12 (>=2.4.0 <=3.2.1)

org.apache.spark:spark-core2.12 MAVEN version =2.4.0, =0.25-rc1, =0.25, =0.25, =1.0.1, =1.0.6, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.0.1, =3.34.0.3-1-3.0, =3.46.0.6-1-3.1 - ai.hunters:spark-adaptive-file-connector2.12 =1.0.0 and more Source cves: CVE-2022-31777 Source...

5.4CVSS6.2AI score0.01473EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/11/01 7:0 p.m.4 views

org.apache.spark:spark-tools_2.9.3 (=0.8.1-incubating) potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.9.3 (=0.8.1-incubating)

org.apache.spark:spark-core2.9.3 MAVEN version =0.8.1-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.9.3 and may be impacted: - org.apache.spark:spark-tools2.9.3 =0.8.1-incubating Source cves: CVE-2022-31777...

5.4CVSS6.2AI score0.01473EPSS
Exploits0
OSV
OSV
added 2022/11/01 7:0 p.m.9 views

GHSA-43XG-8WMJ-CW8H Apache Spark vulnerable to Log Injection

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

5.4CVSS7.1AI score0.01473EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/11/01 7:0 p.m.24 views

Apache Spark vulnerable to Log Injection

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

5.4CVSS5.7AI score0.01473EPSS
Exploits0References7Affected Software6
NVD
NVD
added 2022/11/01 4:15 p.m.13 views

CVE-2022-31777

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

5.4CVSS0.01473EPSS
Exploits0References2
Prion
Prion
added 2022/11/01 4:15 p.m.18 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

4.9CVSS5.5AI score0.01473EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2022/11/01 4:15 p.m.6 views

PYSEC-2022-42976

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

5.4CVSS6.1AI score0.01473EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/11/01 4:15 p.m.4 views

PYSEC-2022-42976

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

5.4CVSS6.7AI score0.01473EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/01 12:0 a.m.25 views

Apache Spark 注入漏洞

Apache Spark, a large-scale data processing engine from the Apache Foundation that supports acyclic data streaming and in-memory computing, is vulnerable to injection. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in a user's web browser...

5.4CVSS7.5AI score0.01473EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/11/01 12:0 a.m.5 views

CVE-2022-31777 Apache Spark XSS vulnerability in log viewer UI Javascript

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

5.4AI score0.01473EPSS
Exploits0References2
CVE
CVE
added 2022/11/01 12:0 a.m.147 views

CVE-2022-31777

CVE-2022-31777 — Apache Spark XSS : A stored XSS in Spark 3.2.1 and earlier and 3.3.0 arises from improper validation in the log viewer. An attacker can lure a user to click a crafted URL to execute arbitrary JavaScript in the victim’s browser, potentially compromising cookies and session data. A...

5.4CVSS5.5AI score0.01473EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/01 12:0 a.m.33 views

CVE-2022-31777 Apache Spark XSS vulnerability in log viewer UI Javascript

A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

5.7AI score0.01473EPSS
Exploits0References2
Rows per page
Query Builder