Lucene search
ApacheCVELIST:CVE-2018-1334HistoryJul 11, 2018 - 12:00 a.m.
CVE-2018-1334
2018-07-1100:00:00
apache
www.cve.org
4
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it’s possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
CNA Affected
[
{
"product": "Apache Spark",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.0.0 to 2.1.2"
},
{
"status": "affected",
"version": "2.2.0 to 2.2.1"
},
{
"status": "affected",
"version": "2.3.0"
}
]
}
]Related
cve
cve
CVE-2018-1334
2018-07-12 13:29:00
veracode
veracode
Local Privilege Escalation
2018-07-13 03:55:52
nvd
nvd
CVE-2018-1334
2018-07-12 13:29:00
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
2019-03-14 15:41:04
PYSEC-2018-25
2018-07-12 13:29:00
CVE-2018-1334
2018-07-12 13:29:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
2019-03-14 15:41:04
prion
prion
Code injection
2018-07-12 13:29:00
