Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apache Subscribe
Filtered by product Livy
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26544 1 Apache 1 Livy 2021-02-26 3.5 LOW 5.4 MEDIUM
Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating.