9 matches found
Apache Spark - Authentication Bypass
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...
CVE-2020-9480
creationtimestamp| type| source ---|---|--- 2025-08-15 16:40:05+00:00| seen| https://t.me/truesecator/7335 2025-10-01 21:02:26+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m25wrr2t7b23...
analytics-zoo (>=0.2.0 <=0.10.0), azureml-webservice-schema (>=0.1.57 <=1.0.33) +33 more potentially affected by CVE-2020-9480 via pyspark (>=2.1.2 <=2.4.5)
pyspark PYPI version =2.1.2, =0.2.0, =0.1.57, =0.11.0, =0.1.2, =0.1.0, =1.0.0, =0.8.0, =0.2.1, =0.2.64 - intake-hive =0.1.0 - j11hail =0.2.53 - jmetalpy =0.9.0 - md2k-cerebral-cortex =3.0.0 and more Source cves: CVE-2020-9480 Source advisory: OSV:GHSA-WGX7-JWWM-CGJV...
Apache Spark Remote Code Execution (CVE-2020-9480)
A remote code execution vulnerability exists in Apache Spark. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2020-9480
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Spark
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Spark. Vulnerability Details CVEID: CVE-2020-9480 DESCRIPTION: Apache Spark could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw when authentication is enabled on...
Security Bulletin: A vulnerability in Apache Spark 2.4.5 and earlier affects IBM Operations Analytics Predictive Insights (CVE-2020-9480)
Summary Apache Spark is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. See the Remediation/Fixes section and apply the recommended fixes. Vulnerability Details CVEID: CVE-2020-9480 DESCRIPTION: Apache Spark coul...
analytics-zoo (>=0.2.0 <=0.10.0), azureml-webservice-schema (>=0.1.57 <=1.0.33) +33 more potentially affected by CVE-2020-9480 via pyspark (>=2.1.2 <=2.4.5)
pyspark PYPI version =2.1.2, =0.2.0, =0.1.57, =0.11.0, =0.1.2, =0.1.0, =1.0.0, =0.8.0, =0.2.1, =0.2.64 - intake-hive =0.1.0 - j11hail =0.2.53 - jmetalpy =0.9.0 - md2k-cerebral-cortex =3.0.0 and more Source cves: CVE-2020-9480 Source advisory: OSV:PYSEC-2020-95...
CVE-2020-9480
The CVE-2020-9480 issue affects Apache Spark 2.4.5 and earlier, where a standalone resource manager master configured with spark.authenticate can still be exploited by a crafted RPC to start applications’ resources and run arbitrary shell commands on the host. The vulnerability arises when authen...