← Back to CVE List

CVE-2017-7678

Published: 2017-07-12T13:29Z
Last Modified: 2024-11-21T03:32Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt