Lucene search
K

9 matches found

vulnersOsv
vulnersOsv
added 2025/10/15 9:30 a.m.6 views

abi-ds-utils (>=0.1.2 <=1.2.3), abi-pyspark-utils (>=0.1.1 <=0.1.4) +231 more potentially affected by CVE-2025-55039 via pyspark (>=2.1.2 <=3.4.2)

pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.1.5, =0.0.1, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =0.2.0, =0.0.2, =1.0.0, =0.9.1, =1.0.2 and more Source cves: CVE-2025-55039 Source advisory: OSV:GHSA-6P6V-M64V-JX8Q...

6.5CVSS7AI score0.00223EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/15 9:30 a.m.6 views

ai.catboost:catboost-spark_3.5_2.13 (>=1.2.3 <=1.2.10), ch.cern.sparkmeasure:spark-measure_2.13 (=0.24) +141 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.13 (>=3.5.0 <=3.5.1)

org.apache.spark:spark-network-common2.13 MAVEN version =3.5.0, =1.2.3, =4.43.0, =3.5.0, =3.5.00.20.1, =3.5.0, =2.0.4, =2.1.6-spark-3.5.1, =2.1.6-spark-3.5.1, =1.1.1, =1.1.3 and more Source cves: CVE-2025-55039 Source advisory: OSV:GHSA-6P6V-M64V-JX8Q...

6.5CVSS7AI score0.00223EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/15 9:30 a.m.10 views

ai.catboost:catboost-spark_3.5_2.12 (>=1.2.3 <=1.2.10), ai.djl.spark:spark_2.12 (=0.29.0) +268 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.12 (>=3.5.0 <=3.5.1)

org.apache.spark:spark-network-common2.12 MAVEN version =3.5.0, =1.2.3, =3.44.0.1-1-3.5, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =0.6.17, =0.0.3, =14.0.0, =14.0.0, =14.0.0, =14.17.3 - bio.ferlab:obo-parser2.12 =1.3.1 and more Source cves: CVE-2025-55039 Source advisory:...

6.5CVSS7AI score0.00223EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/15 9:30 a.m.8 views

ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.4_2.12 (>=0.25 <=1.2.7) +1535 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.12 (>=2.4.0 <=3.4.3)

org.apache.spark:spark-network-common2.12 MAVEN version =2.4.0, =0.25-rc1, =0.25, =0.25, =1.0.1, =1.0.6, =1.1, =1.2, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.20.0, =0.21.0 and more Source cves: CVE-2025-55039 Source advisory: OSV:GHSA-6P6V-M64V-JX8Q...

6.5CVSS7AI score0.00223EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/15 8:15 a.m.9 views

beam-pyspark-runner (>=0.0.1 <=0.0.3), brel-xbrl (=0.8.2a1) +53 more potentially affected by CVE-2025-55039 via pyspark (>=3.5.0 <=3.5.1)

pyspark PYPI version =3.5.0, =0.0.1, =1.3.2, =0.13.0, =0.0.1, =1.2.17, =0.0.0, =5.0.0, =0.0.3, =1.1.0 - hari-data =0.1.5 - hermione-databricks =1.0.1 and more Source cves: CVE-2025-55039 Source advisory: OSV:PYSEC-2025-184...

6.5CVSS7.1AI score0.00223EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/15 7:46 a.m.9 views

ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +317 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.13 (>=3.2.0 <=3.4.3)

org.apache.spark:spark-network-common2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =1.2, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.14, =0.20, =1.1.3, =1.4.0, =1.5.0, =1.5.0, =1.8.0 and more Source cves: CVE-2025-55039 Source advisory: SNYK:JAVA-ORGAPACHESPARK-13553869...

6.5CVSS7.2AI score0.00223EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/15 7:46 a.m.7 views

ai.catboost:catboost-spark_3.5_2.12 (>=1.2.3 <=1.2.10), ai.djl.spark:spark_2.12 (=0.29.0) +268 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.12 (>=3.5.0 <=3.5.1)

org.apache.spark:spark-network-common2.12 MAVEN version =3.5.0, =1.2.3, =3.44.0.1-1-3.5, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =0.6.17, =0.0.3, =14.0.0, =14.0.0, =14.0.0, =14.17.3 - bio.ferlab:obo-parser2.12 =1.3.1 and more Source cves: CVE-2025-55039 Source advisory:...

6.5CVSS7AI score0.00223EPSS
Exploits0
OSV
OSV
added 2025/10/15 7:19 a.m.3 views

CVE-2025-55039 Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...

6.5CVSS7.1AI score0.00223EPSS
Exploits0References5
CVE
CVE
added 2025/10/15 7:19 a.m.37 views

CVE-2025-55039

CVE-2025-55039 affects Apache Spark prior to 3.4.4, 3.5.2 and 4.0.0. When spark.network.crypto.enabled is true (default false) and spark.network.crypto.cipher is not configured, Spark uses AES/CTR/NoPadding for RPC traffic, enabling encryption without authentication. A MITM could flip bits in cip...

6.5CVSS6.3AI score0.00223EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder