CVE-2022-31777
PUBLISHED
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user by injecting a malicious payload into the logs, which is then returned when the logs are rendered in the UI.
Risk Scores
EPSS Score: 0.18% (38.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | spark | 0, 3.3.0 |
Exploit Intelligence
- CIRCL seen: CVE-2022-31777 (circl-sighting)
- https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q (circl)
- [oss-security] 20221101 CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript (circl)
Timeline
- Nov 1, 2022 CVE Published
- Nov 1, 2022 PoC Published
- Nov 2, 2022 EPSS Score
- Dec 15, 2022 EPSS Score
- Jan 28, 2023 EPSS Score
- Mar 12, 2023 EPSS Score
- Apr 24, 2023 EPSS Score
- Jun 6, 2023 EPSS Score
- Jul 20, 2023 EPSS Score
- Sep 1, 2023 EPSS Score
- Oct 14, 2023 EPSS Score
- Nov 11, 2023 PoC Published