Severity: moderate

Description:

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and 
earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in 
the web browser of a user, by including a malicious payload into the logs which 
would be returned in logs rendered in the UI.

This issue is being tracked as SPARK-39505

Mitigation:

Upgrade to Apache Spark maintenance releases 3.2.2, or 3.3.1 or later

Credit:

Florian Walter (Veracode)


---------------------------------------------------------------------
To unsubscribe e-mail: dev-unsubscr...@spark.apache.org

Reply via email to