Lucene search
ApacheCVELIST:CVE-2018-17190HistoryNov 19, 2018 - 2:00 p.m.
CVE-2018-17190
2018-11-1914:00:00
apache
www.cve.org
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a ‘master’ host, that then runs that code on ‘worker’ hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.
CNA Affected
[
{
"product": "Apache Spark",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
]Related
nvd
nvd
CVE-2018-17190
2018-11-19 14:29:00
osv
osv
Remote Code Execution in spark-core
2018-11-21 22:19:30
myhack58
myhack58
github
github
Remote Code Execution in spark-core
2018-11-21 22:19:30
cve
cve
CVE-2018-17190
2018-11-19 14:29:00
ibm
ibm
broadcom
broadcom
An improper access control vulnerability has been discovered in Apache Spark
2023-08-29 00:00:00
prion
prion
Authentication flaw
2018-11-19 14:29:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2019-03-28 00:00:00
nessus
nessus
GLSA-201903-21 : Apache: Multiple vulnerabilities
2019-03-28 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00