[jira] [Created] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications

Rajshree Mishra (Jira) Thu, 02 Jul 2020 00:09:08 -0700

Rajshree Mishra created YARN-10336:
--------------------------------------

             Summary: RM page should throw exception when command injected in 
RM REST API to get applications
                 Key: YARN-10336
                 URL: https://issues.apache.org/jira/browse/YARN-10336
             Project: Hadoop YARN
          Issue Type: Bug
            Reporter: Rajshree Mishra
         Attachments: CommandInject.jpg, RM_UI.jpg


Using a web application attacking, we see that injecting commands like 
ACCEPTED, FAILED and FINISHED to RM REST API does not throw an exception. Refer 
images.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

[jira] [Created] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications

Reply via email to