CVE-2022-31777

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31777

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31777.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31777

Aliases

Published

2022-11-01T16:15:13Z

Modified

2025-05-06T06:53:36.131897Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.

References

Affected packages

Git / github.com/apache/spark

Affected ranges

Type: GIT
Repo: https://github.com/apache/spark
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

78a5825fe266c0884d2dd18cbca9625fa258d7f7

Affected versions

0.*

0.3-scala-2.8

0.3-scala-2.9

alpha-0.*

alpha-0.1

alpha-0.2

v0.*

v0.5.0

v0.5.1

v0.6.0

v0.7.0

v3.*

v3.0.0-preview

v3.0.0-preview-rc1

v3.0.0-preview-rc2

v3.2.0

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.2.0-rc4

v3.2.0-rc5

v3.2.0-rc6

v3.2.0-rc7

v3.2.1

v3.2.1-rc1

v3.2.1-rc2