CVE-2017-7678

medium

Published 2017-07-12 · Modified 2023-11-08

CVSS v3

6.1

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2

4.3

VIR risk

6.1

Description

Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11

Predictions

Exploit likelihood

71%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security@apache.org — http://apache-spark-developers-list.1001551.n3.nabble.com/CVE-2017-7678-Apache-Spark-XSS-web-UI-MHTML-vulnerability-td21947.html

Package impact

Ecosystem	Package	Vulnerable	Fixed
Maven	org.apache.spark:spark-core_2.11	`<2.2.0`	`2.2.0`
Maven	org.apache.spark:spark-core_2.10	`<2.2.0`	`2.2.0`

Application impact

Vendor	Product	Versions	Fixed
apache	spark	`{"endIncluding":"2.1.1"}`

References

http://apache-spark-developers-list.1001551.n3.nabble.com/CVE-2017-7678-Apache-Spark-XSS-web-UI-MHTML-vulnerability-td21947.html
http://www.securityfocus.com/bid/99603
https://nvd.nist.gov/vuln/detail/CVE-2017-7678
https://github.com/advisories/GHSA-r34r-f84j-5x4x

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.