—

PYSEC-2022-42976

상세

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / pyspark

최초 영향 버전: 0 수정 버전: 3.2.2

수정 pip install --upgrade 'pyspark>=3.2.2'

참고

https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q [WEB]