68 matches found
eskapade-spark (>=0.8.0 <=0.8.2), pytispark (>=1.0.0rc2 <=1.0.1) potentially affected by CVE-2018-1334 via pyspark (=2.1.2)
pyspark PyPI version =2.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on pyspark and may be impacted: eskapade-spark =0.8.0, =1.0.0rc2, =1.0.1. Source CVEs: CVE-2018-1334. Source advisory: OSV:PYSEC-2018-25...
PYSEC-2018-25
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application...
sourced-ml (=0.4.5) potentially affected by CVE-2018-1334 via pyspark (=2.2.0.post0)
pyspark PyPI version =2.2.0.post0 is affected by a known vulnerability. The following packages have a transitive dependency on pyspark and may be impacted: sourced-ml =0.4.5. Source CVEs: CVE-2018-1334. Source advisory: OSV:PYSEC-2018-25...
Code injection
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application...
CVE-2018-1334
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application...
PYSEC-2018-25
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application...
CVE-2018-1334
Apache Spark up to version 2.3.0 (affected: 1.0.0–2.1.2, 2.2.0–2.2.1, 2.3.0) is vulnerable to an impersonation flaw when using PySpark or SparkR that lets a different local user connect to a Spark application and impersonate the Spark user. The issue is confirmed across multiple sources (e.g., SU...
CVE-2018-1334
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application...