You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Rajshree Mishra (Jira)" <ji...@apache.org> on 2020/07/02 07:09:00 UTC

[jira] [Created] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications

Rajshree Mishra created YARN-10336:
--------------------------------------

             Summary: RM page should throw exception when command injected in RM REST API to get applications
                 Key: YARN-10336
                 URL: https://issues.apache.org/jira/browse/YARN-10336
             Project: Hadoop YARN
          Issue Type: Bug
            Reporter: Rajshree Mishra
         Attachments: CommandInject.jpg, RM_UI.jpg

Using a web application attacking, we see that injecting commands like ACCEPTED, FAILED and FINISHED to RM REST API does not throw an exception. Refer images.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org