Cross-site Scripting (XSS) Affecting org.apache.spark:spark-core_2.11 Open this link in a new tab package, versions [,2.1.3) [2.2.0,2.2.2) [2.3.0,2.3.1)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
19 Jul 2018
12 Jul 2018
Apache Spark is a general cluster computing system for Big Data.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. It is possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI.
org.apache.spark:spark-core to version 2.1.3, 2.2.2, 2.3.1 or higher.