CVE-2022-31777 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-31777 PUBLISHED

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.

EPSS 0.13% · 31.9th percentile

Risk Scores

EPSS Score

0.13%

31.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	spark	0, 3.3.0
Bitnami	spark	0, 3.3.0

Timeline

Nov 1, 2022 CVE Published
Nov 1, 2022 PoC Published
Nov 2, 2022 EPSS Score
Dec 15, 2022 EPSS Score
Jan 26, 2023 EPSS Score
Mar 10, 2023 EPSS Score
Apr 22, 2023 EPSS Score
Jun 3, 2023 EPSS Score
Jul 16, 2023 EPSS Score
Aug 28, 2023 EPSS Score
Oct 10, 2023 EPSS Score
Nov 11, 2023 PoC Published

References

Open in Interactive Console →