  1. Hadoop YARN
  2. YARN-10336

RM page should throw exception when command injected in RM REST API to get applications


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.4.0, 3.3.1
    • Component/s: None
    • Labels: None

    Description

      Using a web application attack, we see that injecting commands like ACCEPTED, FAILED and FINISHED into the RM REST API does not throw an exception. Refer to the images.

      Attachments

        1. CommandInject.jpg
          48 kB
          Rajshree Mishra
        2. RM_UI.jpg
          86 kB
          Rajshree Mishra
        3. testproof.png
          130 kB
          Bilwa S T
        4. YARN-10336.001.patch
          1 kB
          Bilwa S T
        5. YARN-10336.002.patch
          4 kB
          Bilwa S T
        6. YARN-10336.003.patch
          5 kB
          Bilwa S T

          People

            BilwaST Bilwa S T
            Rajshree Rajshree Mishra