[MAVEN:GHSA-43XG-8WMJ-CW8H] Apache Spark vulnerable to Log Injection

Severity Moderate
Affected Packages 3
Fixed Packages 3
CVEs 1

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in a user's web browser by injecting a malicious payload into the logs, which is then returned when the logs are rendered in the UI.

ID MAVEN:GHSA-43XG-8WMJ-CW8H
Severity moderate
URL https://github.com/advisories/GHSA-43xg-8wmj-cw8h
Published 2022-11-01T19:00:29 (22 months ago)
Modified 2023-08-31T00:27:40 (12 months ago)
Rights Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/pyspark | | pyspark | < 3.2.2 | | | |
| Fixed | pkg:maven/pyspark | | pyspark | = 3.2.2 | | | |
| Affected | pkg:maven/org.apache.spark/spark-core | org.apache.spark | spark-core | = 3.3.0 | | | |
| Fixed | pkg:maven/org.apache.spark/spark-core | org.apache.spark | spark-core | = 3.3.1 | | | |
| Affected | pkg:maven/org.apache.spark/spark-core | org.apache.spark | spark-core | < 3.2.2 | | | |
| Fixed | pkg:maven/org.apache.spark/spark-core | org.apache.spark | spark-core | = 3.2.2 | | | |