68 matches found
CVE-2019-10099
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk controlled by spark.maxRemoteBlockSizeFetchToMem; in SparkR, using parallelize; in PySpark, using...
Security Bulletin: Vulnerability in PySpark affects IBM Analytics Engine (CVE-2018-11760)
Summary: When using PySpark, it’s possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1. Vulnerability Details: CVE-ID: CVE-2018-11760. DESCRIPTION:...
sourced-ml (=0.4.5) potentially affected by CVE-2018-1334 via pyspark (=2.2.0.post0)
pyspark PYPI version =2.2.0.post0 is affected by a known vulnerability. The following packages have a transitive dependency on pyspark and may be impacted: - sourced-ml =0.4.5 Source cves: CVE-2018-1334 Source advisory: OSV:GHSA-6MQQ-8R44-VMJC...
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application...
eskapade-spark (>=0.8.0 <=0.8.2), pytispark (>=1.0.0rc2 <=1.0.1) potentially affected by CVE-2018-1334 via pyspark (=2.1.2)
pyspark PYPI version =2.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on pyspark and may be impacted: - eskapade-spark =0.8.0, =1.0.0rc2, =1.0.1 Source cves: CVE-2018-1334 Source advisory: OSV:GHSA-6MQQ-8R44-VMJC...
azureml-webservice-schema (>=0.1.57 <=1.0.33), gnuper (=0.0.3) +4 more potentially affected by CVE-2018-11760 via pyspark (>=2.3.0 <=2.3.1)
pyspark PYPI version =2.3.0, =0.1.57, =2.0.3, =0.2.0, =0.2.4 Source cves: CVE-2018-11760 Source advisory: OSV:GHSA-FVXV-9XXR-H7WJ...
eskapade-spark (>=0.8.0 <=0.8.2), pytispark (>=1.0.0rc2 <=1.0.1) +1 more potentially affected by CVE-2018-11760 via pyspark (>=2.1.2 <=2.2.0.post0)
pyspark PYPI version =2.1.2, =0.8.0, =1.0.0rc2, =1.0.1 - sourced-ml =0.4.5 Source cves: CVE-2018-11760 Source advisory: OSV:GHSA-FVXV-9XXR-H7WJ...
PySpark User Impersonation Vulnerability
When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...
CVE-2018-11760
When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...
CVE-2018-11760
When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...
PYSEC-2019-169
When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...
azureml-webservice-schema (>=0.1.57 <=1.0.33), gnuper (=0.0.3) +4 more potentially affected by CVE-2018-11760 via pyspark (>=2.3.0 <=2.3.1)
pyspark PYPI version =2.3.0, =0.1.57, =2.0.3, =0.2.0, =0.2.4 Source cves: CVE-2018-11760 Source advisory: OSV:PYSEC-2019-169...
Code injection
When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...
PYSEC-2019-169
When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...
eskapade-spark (>=0.8.0 <=0.8.2), pytispark (>=1.0.0rc2 <=1.0.1) +1 more potentially affected by CVE-2018-11760 via pyspark (>=2.1.2 <=2.2.0.post0)
pyspark PYPI version =2.1.2, =0.8.0, =1.0.0rc2, =1.0.1 - sourced-ml =0.4.5 Source cves: CVE-2018-11760 Source advisory: OSV:PYSEC-2019-169...
CVE-2018-11760
When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...
CVE-2018-11760
CVE-2018-11760 describes a PySpark-related local privilege issue in Apache Spark: a local authenticated user can connect to a running Spark application and impersonate the user running it. Affected Spark versions include 1.x, 2.0.x, 2.1.x, 2.2.0–2.2.2, and 2.3.0–2.3.1. IBM and related advisories ...
CVE-2018-11760
When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...
Privilege Escalation
PySpark is vulnerable to privilege escalation. A local user is able to connect to the Spark application and impersonate the user running the Spark application...
Apache Spark Spoofing Vulnerability
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computation. Apache Spark versions 1.0.0 through 2.1.2, 2.2.0 through 2.2.1, and 2.3.0 have a spoofing vulnerability in the implementation. When running PySpark and SparkR, a local attacker can...