2 matches found
org.apache.livy:livy-assembly (=0.7.0-incubating), org.apache.livy:livy-coverage-report (=0.7.0-incubating) +2 more potentially affected by CVE-2021-26544 via org.apache.livy:livy-server (=0.7.0-incubating)
org.apache.livy:livy-server MAVEN version =0.7.0-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.livy:livy-server and may be impacted: - org.apache.livy:livy-assembly =0.7.0-incubating - org.apache.livy:livy-coverage-report...
CVE-2021-26544 Apache Livy (Incubating) is vulnerable to cross site scripting
Livy server version 0.7.0-incubating only is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating...