68 matches found
abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +74 more potentially affected by CVE-2022-33891 via pyspark (>=3.1.1 <=3.2.1)
pyspark PYPI version =3.1.1, =0.1.2, =0.1.1, =0.1.5, =0.0.2, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.2.1, =0.42.2 and more Source cves: CVE-2022-33891 Source advisory: OSV:GHSA-4X9R-J582-CGR8...
aicns-raw-data-loader (=0.1.0), aicns-univariate-analyzer (>=0.5.1 <=0.8.1) +85 more potentially affected by CVE-2022-33891 via pyspark (>=2.1.2 <=3.0.3)
pyspark PYPI version =2.1.2, =0.5.1, =0.2.0, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =0.14.0b20211027, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.5.0b20240324 and more Source cves: CVE-2022-33891 Source advisory: OSV:GHSA-4X9R-J582-CGR8...
aicns-raw-data-loader (=0.1.0), aicns-univariate-analyzer (>=0.5.1 <=0.8.1) +85 more potentially affected by CVE-2022-33891 via pyspark (>=2.1.2 <=3.0.3)
pyspark PYPI version =2.1.2, =0.5.1, =0.2.0, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =0.14.0b20211027, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.5.0b20240324 and more Source cves: CVE-2022-33891 Source advisory: OSV:PYSEC-2022-236...
abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +37 more potentially affected by CVE-2022-33891 via pyspark (>=3.1.1 <=3.1.2)
pyspark PYPI version =3.1.1, =0.1.2, =0.1.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =1.0.0, =1.1.4, =0.0.1, =0.0.1, =3.3.11, =3.3.16 - etosdk =0.2.0 and more Source cves: CVE-2022-33891 Source advisory: OSV:PYSEC-2022-236...
anomalywatchdog (>=0.0.2 <=0.0.7), bigdl-dllib-spark321 (=2.1.0b202207291) +28 more potentially affected by CVE-2022-33891 via pyspark (>=3.2.0 <=3.2.1)
pyspark PYPI version =3.2.0, =0.0.2, =0.2.1, =1.0.1, =1.0.1, =0.0.6, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.3.0 and more Source cves: CVE-2022-33891 Source advisory: OSV:PYSEC-2022-236...
abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +119 more potentially affected by CVE-2021-38296 via pyspark (>=2.1.2 <=3.1.2)
pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.5.1, =0.2.0, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =0.14.0b20211027, =2.0.0, =2.5.0b20240324 and more Source cves: CVE-2021-38296 Source advisory: OSV:GHSA-9RR6-JPG7-9JG6...
abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +119 more potentially affected by CVE-2021-38296 via pyspark (>=2.1.2 <=3.1.2)
pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.5.1, =0.2.0, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =0.14.0b20211027, =2.0.0, =2.5.0b20240324 and more Source cves: CVE-2021-38296 Source advisory: OSV:PYSEC-2022-186...
analytics-zoo (>=0.2.0 <=0.10.0), azureml-webservice-schema (>=0.1.57 <=1.0.33) +33 more potentially affected by CVE-2020-9480 via pyspark (>=2.1.2 <=2.4.5)
pyspark PYPI version =2.1.2, =0.2.0, =0.1.57, =0.11.0, =0.1.2, =0.1.0, =1.0.0, =0.8.0, =0.2.1, =0.2.64 - intake-hive =0.1.0 - j11hail =0.2.53 - jmetalpy =0.9.0 - md2k-cerebral-cortex =3.0.0 and more Source cves: CVE-2020-9480 Source advisory: OSV:GHSA-WGX7-JWWM-CGJV...
afwizard (=1.0.1), frontpy (>=0.1.6 <=0.1.14) +4 more potentially affected by CVE-2021-45943 via gdal (>=3.3.2 <=3.4.0)
gdal PYPI version =3.3.2, =0.1.6, =0.1.1, =0.1.0, =0.2.4, =0.1.3, =0.1.4 Source cves: CVE-2021-45943 Source advisory: OSV:PYSEC-2022-43065...
Code Injection in uber/petastorm
Description Petastorm is an open source data access library developed at Uber ATG. This library enables single machine or distributed training and evaluation of deep learning models directly from datasets in Apache Parquet format. Petastorm supports popular Python-based machine learning ML...
analytics-zoo (>=0.2.0 <=0.10.0), azureml-webservice-schema (>=0.1.57 <=1.0.33) +33 more potentially affected by CVE-2020-9480 via pyspark (>=2.1.2 <=2.4.5)
pyspark PYPI version =2.1.2, =0.2.0, =0.1.57, =0.11.0, =0.1.2, =0.1.0, =1.0.0, =0.8.0, =0.2.1, =0.2.64 - intake-hive =0.1.0 - j11hail =0.2.53 - jmetalpy =0.9.0 - md2k-cerebral-cortex =3.0.0 and more Source cves: CVE-2020-9480 Source advisory: OSV:PYSEC-2020-95...
Vulnerability in the PySpark interface of the Apache Spark framework that allows attackers to escalate their privileges
The vulnerability in the PySpark framework of Apache Spark stems from deficiencies in access control. Exploiting it can allow attackers to escalate their privileges...
Security Bulletin: Multiple Vulnerabilities in Apache Spark affects IBM Watson Studio Local
Summary Security Bulletin: Multiple Vulnerabilities in Apache Spark affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2018-11804 DESCRIPTION: Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. ...
Security Bulletin: IBM Cloud Private for Data is affected by a user impersonation vulnerability in PySpark.
Summary When using Open Source Apache PySpark, it’s possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1. Vulnerability Details CVE-ID:...
analytics-zoo (>=0.2.0 <=0.4.0), azureml-webservice-schema (>=0.1.57 <=1.0.33) +9 more potentially affected by CVE-2019-10099 via pyspark (>=2.1.2 <=2.3.2)
pyspark PYPI version =2.1.2, =0.2.0, =0.1.57, =0.8.0, =0.2.1, =2.0.3, =1.0.0rc2, =0.2.0, =0.2.4 Source cves: CVE-2019-10099 Source advisory: OSV:GHSA-FP5J-3FPF-MHJ5...
GHSA-FP5J-3FPF-MHJ5 Sensitive data written to disk unencrypted in Spark
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...
Code injection
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...
analytics-zoo (>=0.2.0 <=0.4.0), azureml-webservice-schema (>=0.1.57 <=1.0.33) +9 more potentially affected by CVE-2019-10099 via pyspark (>=2.1.2 <=2.3.2)
pyspark PYPI version =2.1.2, =0.2.0, =0.1.57, =0.8.0, =0.2.1, =2.0.3, =1.0.0rc2, =0.2.0, =0.2.4 Source cves: CVE-2019-10099 Source advisory: OSV:PYSEC-2019-114...
PYSEC-2019-114
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in Pyspark, using...