update CVE-2018-8024 to add apache spark fix versions and remove firefox
Signed-off-by: Weston Steimel <[email protected]>
westonsteimel committed Nov 12, 2024
1 parent 504d676 commit af0bca7
Showing 1 changed file with 101 additions and 0 deletions.
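--- a/data/anchore/2018/CVE-2018-8024.json
+++ b/data/anchore/2018/CVE-2018-8024.json
@@ -0,0 +1,101 @@
+{
+"additionalMetadata": {
+"cna": "apache",
+"cveId": "CVE-2018-8024",
+"description": "In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not.",
+"reason": "Add Apache Spark fixed versions and remove Firefox as an affected component",
+"references": [
+"https://lists.apache.org/thread.html/5f241d2cda21cbcb3b63e46e474cf5f50cce66927f08399f4fab0aba%40%3Cdev.spark.apache.org%3E",
+"https://spark.apache.org/security.html#CVE-2018-8024"
+]
+},
+"adp": {
+"affected": [
+{
+"cpes": [
+"cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*"
+],
+"product": "Apache Spark",
+"vendor": "Apache Software Foundation",
+"versions": [
+{
+"lessThan": "2.1.3",
+"status": "affected",
+"version": "1.0.0",
+"versionType": "custom"
+},
+{
+"lessThan": "2.2.2",
+"status": "affected",
+"version": "2.2.0",
+"versionType": "custom"
+},
+{
+"lessThan": "2.3.1",
+"status": "affected",
+"version": "2.3.0",
+"versionType": "custom"
+}
+]
+},
+{
+"collectionURL": "https://repo.maven.apache.org",
+"cpes": [
+"cpe:2.3:a:org.apache.spark:spark-core_2.10:*:*:*:*:*:*:*:*"
+],
+"packageName": "org.apache.spark:spark-core_2.10",
+"packageType": "maven",
+"product": "org.apache.spark:spark-core_2.10",
+"vendor": "Apache Software Foundation",
+"versions": [
+{
+"lessThan": "2.1.3",
+"status": "affected",
+"version": "1.0.0",
+"versionType": "custom"
+},
+{
+"lessThan": "2.2.2",
+"status": "affected",
+"version": "2.2.0",
+"versionType": "custom"
+}
+]
+},
+{
+"collectionURL": "https://repo.maven.apache.org",
+"cpes": [
+"cpe:2.3:a:org.apache.spark:spark-core_2.11:*:*:*:*:*:*:*:*"
+],
+"packageName": "org.apache.spark:spark-core_2.11",
+"packageType": "maven",
+"product": "org.apache.spark:spark-core_2.11",
+"vendor": "Apache Software Foundation",
+"versions": [
+{
+"lessThan": "2.1.3",
+"status": "affected",
+"version": "1.0.0",
+"versionType": "custom"
+},
+{
+"lessThan": "2.2.2",
+"status": "affected",
+"version": "2.2.0",
+"versionType": "custom"
+},
+{
+"lessThan": "2.3.1",
+"status": "affected",
+"version": "2.3.0",
+"versionType": "custom"
+}
+]
+}
+],
+"providerMetadata": {
+"orgId": "00000000-0000-4000-8000-000000000000",
+"shortName": "anchoreadp"
+}
+}
+}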
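Review bot: The first range in each `versions` list starts at `"version": "1.0.0"`, but the `description` in the same record names 2.1.0 as the earliest affected release, and the `reason` string does not explain the wider lower bound. Scanners that consume this record will flag 1.x and 2.0.x installs that the description excludes, so if the bound follows the linked Spark security page, say so, e.g. `"reason": "Add Apache Spark fixed versions (lower bound 1.0.0 per upstream advisory) and remove Firefox as an affected component"`. The `spark-core_2.10` entry also lacks the `2.3.0` to `2.3.1` range that the other two entries carry; presumably no 2.3.x artifact exists for that Scala version, but it is worth confirming so the omission is not read as a gap. The two Maven entries use `"versionType": "custom"`; if the consuming tooling accepts `"maven"` for `packageType: maven`, that value would make the ordering rule for `lessThan` explicit.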
