285 matches found
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Spark
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Spark. Vulnerability Details CVEID:CVE-2022-31777 DESCRIPTION: Apache Spark is vulnerable to cross-site scripting, caused by improper validation of user-supplied input in the log viewer. A...
Apache Spark < 3.2.2 Stored Cross-Site Scripting
A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. Note that the...
Apache Spark 3.3.0 Stored Cross-Site Scripting
A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. Note that the...
Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities
The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center MSTIC is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or...
VulnCheck KEV: CVE-2022-33891
Apache Spark contains a command injection vulnerability via Spark User Interface UI when Access Control Lists ACLs are enabled...
Security Bulletin: An Apache-Spark vulnerability affects IBM Operations Analytics Predictive Insights (PVR0342171 )
Summary An Apache-Spark vulnerability affects IBM Operations Analytics Predictive Insights PVR0342171. Apache-Spark is used by IBM Operations Analytics Predictive Insight in the data processing services. The vulnerabilities have been addressed. Vulnerability Details Refer to the security bulletin...
Apache Spark UI Command Injection (CVE-2022-33891)
A command execution vulnerability exists in Apache Spark. The vulnerability is due to errors in parsing user requests when the ACL is enabled...
Apache Spark Injection Vulnerability
Apache Spark, a large-scale data processing engine from the Apache Foundation that supports acyclic data streaming and in-memory computing, is vulnerable to injection. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in a user's web browser...
ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.4_2.12 (>=0.25 <=1.2.7) +1152 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.12 (>=2.4.0 <=3.2.1)
org.apache.spark:spark-core2.12 MAVEN version =2.4.0, =0.25-rc1, =0.25, =0.25, =1.0.1, =1.0.6, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.0.1, =3.34.0.3-1-3.0, =3.46.0.6-1-3.1 - ai.hunters:spark-adaptive-file-connector2.12 =1.0.0 and more Source cves: CVE-2022-31777 Source...
org.apache.spark:spark-tools_2.9.3 (=0.8.1-incubating) potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.9.3 (=0.8.1-incubating)
org.apache.spark:spark-core2.9.3 MAVEN version =0.8.1-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.9.3 and may be impacted: - org.apache.spark:spark-tools2.9.3 =0.8.1-incubating Source cves: CVE-2022-31777...
GHSA-43XG-8WMJ-CW8H Apache Spark vulnerable to Log Injection
A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...
Apache Spark vulnerable to Log Injection
A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...
CVE-2022-31777
A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...
Cross site scripting
A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...
PYSEC-2022-42976
A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...
PYSEC-2022-42976
A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...
Apache Spark 注入漏洞
Apache Spark, a large-scale data processing engine from the Apache Foundation that supports acyclic data streaming and in-memory computing, is vulnerable to injection. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in a user's web browser...
CVE-2022-31777 Apache Spark XSS vulnerability in log viewer UI Javascript
A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...
CVE-2022-31777
CVE-2022-31777 — Apache Spark XSS : A stored XSS in Spark 3.2.1 and earlier and 3.3.0 arises from improper validation in the log viewer. An attacker can lure a user to click a crafted URL to execute arbitrary JavaScript in the victim’s browser, potentially compromising cookies and session data. A...
CVE-2022-31777 Apache Spark XSS vulnerability in log viewer UI Javascript
A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...