CVE-2022-31777

CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript

Vendor Apache Software Foundation

Product Apache Spark

Weakness CWE-74

Published November 1, 2022

Last update May 6, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.

Key dates

Disclosure timeline

November 1, 2022 CVE published

May 6, 2025 Record updated

Identifiers

CVE CVE-2022-31777

CWE CWE-74

Affected versions

Vendor Apache Software Foundation

Product Apache Spark

Affected 3.3.0

Vendor Apache Software Foundation

Product Apache Spark

Affected ≥ 3.2.1 and earlier and ≤ 3.2.1