VYPR
Moderate severityNVD Advisory· Published Nov 1, 2022· Updated May 6, 2025

Apache Spark XSS vulnerability in log viewer UI Javascript

CVE-2022-31777

Description

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pysparkPyPI
< 3.2.23.2.2
pysparkPyPI
>= 3.3.0, < 3.3.13.3.1
org.apache.spark:spark-core_2.9.3Maven
>= 0
org.apache.spark:spark-core_2.13Maven
< 3.2.23.2.2
org.apache.spark:spark-core_2.13Maven
>= 3.3.0, < 3.3.13.3.1
org.apache.spark:spark-core_2.12Maven
< 3.2.23.2.2
org.apache.spark:spark-core_2.12Maven
>= 3.3.0, < 3.3.13.3.1
org.apache.spark:spark-core_2.11Maven
>= 0
org.apache.spark:spark-core_2.10Maven
>= 0

Affected products

8

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.