PYSEC-2022-42976

Details

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in a user's web browser by injecting a malicious payload into the logs, which is then returned when the logs are rendered in the UI.

Affected packages

PyPI / pyspark
Introduced in: 0
Fixed in: 3.2.2
Fix: pip install --upgrade 'pyspark>=3.2.2'
