9 matches found
abi-ds-utils (>=0.1.2 <=1.2.3), abi-pyspark-utils (>=0.1.1 <=0.1.4) +231 more potentially affected by CVE-2025-55039 via pyspark (>=2.1.2 <=3.4.2)
pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.0.1, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =1.0.2 and more Source cves: CVE-2025-55039 Source advisory: OSV:GHSA-6P6V-M64V-JX8Q...
ai.catboost:catboost-spark_3.5_2.13 (>=1.2.3 <=1.2.10), ch.cern.sparkmeasure:spark-measure_2.13 (=0.24) +141 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.13 (>=3.5.0 <=3.5.1)
org.apache.spark:spark-network-common2.13 MAVEN version =3.5.0, =1.2.3, =4.43.0, =3.5.0, =3.5.00.20.1, =3.5.0, =2.0.4, =2.1.6-spark-3.5.1, =2.1.6-spark-3.5.1, =1.1.1, =1.1.3 and more Source cves: CVE-2025-55039 Source advisory: OSV:GHSA-6P6V-M64V-JX8Q...
ai.catboost:catboost-spark_3.5_2.12 (>=1.2.3 <=1.2.10), ai.djl.spark:spark_2.12 (=0.29.0) +268 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.12 (>=3.5.0 <=3.5.1)
org.apache.spark:spark-network-common2.12 MAVEN version =3.5.0, =1.2.3, =3.44.0.1-1-3.5, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =0.6.17, =0.0.3, =14.0.0, =14.0.0, =14.0.0, =14.17.3 - bio.ferlab:obo-parser2.12 =1.3.1 and more Source cves: CVE-2025-55039 Source advisory:...
ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.4_2.12 (>=0.25 <=1.2.7) +1535 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.12 (>=2.4.0 <=3.4.3)
org.apache.spark:spark-network-common2.12 MAVEN version =2.4.0, =0.25-rc1, =0.25, =0.25, =1.0.1, =1.0.6, =1.1, =1.2, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.20.0, =0.21.0 and more Source cves: CVE-2025-55039 Source advisory: OSV:GHSA-6P6V-M64V-JX8Q...
beam-pyspark-runner (>=0.0.1 <=0.0.3), brel-xbrl (=0.8.2a1) +53 more potentially affected by CVE-2025-55039 via pyspark (>=3.5.0 <=3.5.1)
pyspark PYPI version =3.5.0, =0.0.1, =1.3.2, =0.13.0, =0.0.1, =1.2.17, =0.0.0, =5.0.0, =0.0.3, =1.1.0 - hari-data =0.1.5 - hermione-databricks =1.0.1 and more Source cves: CVE-2025-55039 Source advisory: OSV:PYSEC-2025-184...
ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +317 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.13 (>=3.2.0 <=3.4.3)
org.apache.spark:spark-network-common2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =1.2, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.14, =0.20, =1.1.3, =1.4.0, =1.5.0, =1.5.0, =1.8.0 and more Source cves: CVE-2025-55039 Source advisory: SNYK:JAVA-ORGAPACHESPARK-13553869...
ai.catboost:catboost-spark_3.5_2.12 (>=1.2.3 <=1.2.10), ai.djl.spark:spark_2.12 (=0.29.0) +268 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.12 (>=3.5.0 <=3.5.1)
org.apache.spark:spark-network-common2.12 MAVEN version =3.5.0, =1.2.3, =3.44.0.1-1-3.5, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =0.6.17, =0.0.3, =14.0.0, =14.0.0, =14.0.0, =14.17.3 - bio.ferlab:obo-parser2.12 =1.3.1 and more Source cves: CVE-2025-55039 Source advisory:...
CVE-2025-55039 Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...
CVE-2025-55039
CVE-2025-55039 affects Apache Spark prior to 3.4.4, 3.5.2 and 4.0.0. When spark.network.crypto.enabled is true (default false) and spark.network.crypto.cipher is not configured, Spark uses AES/CTR/NoPadding for RPC traffic, enabling encryption without authentication. A MITM could flip bits in cip...