Severity: moderate Description:
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. This issue is being tracked as SPARK-39505 Mitigation: Upgrade to Apache Spark maintenance releases 3.2.2, or 3.3.1 or later Credit: Florian Walter (Veracode) --------------------------------------------------------------------- To unsubscribe e-mail: dev-unsubscr...@spark.apache.org