[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17169498#comment-17169498 ]
Hemanth Boyina commented on YARN-10336: --------------------------------------- thanks for the report [~Rajshree] , thanks for the patch [~BilwaST] is [ ] character was injected in the rest api request ? > RM page should throw exception when command injected in RM REST API to get > applications > --------------------------------------------------------------------------------------- > > Key: YARN-10336 > URL: https://issues.apache.org/jira/browse/YARN-10336 > Project: Hadoop YARN > Issue Type: Bug > Reporter: Rajshree Mishra > Assignee: Bilwa S T > Priority: Major > Attachments: CommandInject.jpg, RM_UI.jpg, YARN-10336.001.patch, > testproof.png > > > Using a web application attacking, we see that injecting commands like > ACCEPTED, FAILED and FINISHED to RM REST API does not throw an exception. > Refer images. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org