[
https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17177233#comment-17177233
]
Hemanth Boyina commented on YARN-10336:
---------------------------------------
+1 , will commit shortly
> RM page should throw exception when command injected in RM REST API to get
> applications
> ---------------------------------------------------------------------------------------
>
> Key: YARN-10336
> URL: https://issues.apache.org/jira/browse/YARN-10336
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Rajshree Mishra
> Assignee: Bilwa S T
> Priority: Major
> Attachments: CommandInject.jpg, RM_UI.jpg, YARN-10336.001.patch,
> YARN-10336.002.patch, YARN-10336.003.patch, testproof.png
>
>
> Using a web application attacking, we see that injecting commands like
> ACCEPTED, FAILED and FINISHED to RM REST API does not throw an exception.
> Refer images.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
