Lucene search
Veracode Vulnerability DatabaseVERACODE:37753HistoryNov 02, 2022 - 2:13 a.m.
Cross-site Scripting (XSS)
2022-11-0202:13:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
cross-site scripting
vulnerability
log-view.js
javascript payload
ui security
EPSS
0.001
Percentile
30.3%
spark-core_2.12 is vulnerable to cross-site scripting. The vulnerability exists because the loadMore function of log-view.js does not properly escape the log content rendered in UI, allowing an attacker to inject and execute a malicious JavaScript payload into the logs.
References
www.openwall.com/lists/oss-security/2022/11/01/14
github.com/apache/spark/commit/07edae97342ae3095b370a3f780b61c94241e771
github.com/apache/spark/commit/ad90195de56688ce0898691eb9d04297ab0871ad
github.com/apache/spark/pull/36902
issues.apache.org/jira/browse/SPARK-39505
lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q
Related
cnvd
cnvd
Apache Spark Injection Vulnerability
2022-11-03 00:00:00
nessus
nessus
Apache Spark < 3.2.2 / 3.3.0 < 3.3.1 XSS (CVE-2022-31777)
2023-10-04 00:00:00
Oracle Business Intelligence Enterprise Edition (OAS) (July 2023 CPU)
2023-07-21 00:00:00
redhatcve
redhatcve
CVE-2022-31777
2022-11-23 16:56:13
prion
prion
Cross site scripting
2022-11-01 16:15:00
osv
osv
Apache Spark vulnerable to Log Injection
2022-11-01 19:00:29
BIT-spark-2022-31777
2024-03-06 11:05:38
CVE-2022-31777
2022-11-01 16:15:13
ibm
ibm
cve
cve
CVE-2022-31777
2022-11-01 16:15:13
github
github
Apache Spark vulnerable to Log Injection
2022-11-01 19:00:29
cvelist
cvelist
CVE-2022-31777 Apache Spark XSS vulnerability in log viewer UI Javascript
2022-11-01 00:00:00
nvd
nvd
CVE-2022-31777
2022-11-01 16:15:13
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00