Apache · Livy · CVE-2021-26544
**Name of the Vulnerable Software and Affected Versions**
Livy version 0.7.0-incubating
**Description**
The issue is a cross-site scripting flaw in the session name, allowing a malicious user to access logs and results of other users' sessions and run jobs with their privileges.
**Recommendations**
For Livy version 0.7.0-incubating, update to Livy 0.7.1-incubating to resolve the issue.