QwikSec

Security Database

CVE

CWE

Training

CVE-2022-31777

Published: Nov 1, 2022

Modified: May 6, 2025

PUBLISHED

Description

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.

Vendor	Product	Versions
Apache Software Foundation	Apache Spark	affected `3.3.0` affected `3.2.1 and earlier - <= 3.2.1`

Weaknesses (CWE)

References

https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q

[oss-security] 20221101 CVE-2022-31777: Apache Spark XSS vulnerability in log viewer UI Javascript

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.