Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-6352

Header injections are possible in application proxy servlet

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.8.0, 2.7.3
    • 2.9.0, 2.8.2
    • resourcemanager, security
    • None
    • Reviewed

    Description

      This issue was found in WVS security tool.

      Attachments

        1. headerInjection.png
          136 kB
          Naganarasimha G R
        2. YARN-6352.001.patch
          2 kB
          Naganarasimha G R
        3. YARN-6352-branch-2.002.patch
          4 kB
          Naganarasimha G R
        4. YARN-6352-branch-2.003.patch
          4 kB
          Naganarasimha G R

        Activity

          People

            Naganarasimha Naganarasimha G R
            Naganarasimha Naganarasimha G R
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: