
14 matches found

OSV
added 2026/03/13 9:31 p.m., 1 view

GHSA-HM8X-RPGG-7855 Apache Livy: Restrict file access

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...

CVSS 6.3, AI score 5.8, EPSS 0.00091
Exploits: 1, References: 4
EUVD
added 2026/03/13 9:31 p.m., 3 views

EUVD-2025-208637

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...

CVSS 6.3, AI score 5.8, EPSS 0.00091
Exploits: 1, References: 3
Snyk
added 2026/03/13 9:31 p.m., 2 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation when processing arbitrary Spark configuration values in requests. An attacker can gain unauthorized access to files by sending specially crafted requests to the REST or JDBC interface. Note: This is only...

CVSS 6.3, AI score 5.9, EPSS 0.00091
Exploits: 1, References: 2
ATTACKERKB
added 2026/03/13 3:23 p.m., 2 views

CVE-2025-60012

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...

CVSS 6.3, AI score 5.8, EPSS 0.00091
Exploits: 1, References: 2
CVE
added 2026/03/13 3:23 p.m., 8 views

CVE-2025-60012

CVE-2025-60012 (Apache Livy): A vulnerability affecting Livy 0.7.0–0.8.0 when connected to Spark 3.1+, enabling unauthorized local file access via crafted Spark configuration values. Root causes (in vulnerable versions): (1) missing validation for spark.archives not added to Livy’s hardcoded fil...

CVSS 6.3, AI score 5.8, EPSS 0.00091
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2026/03/13 3:23 p.m., 25 views

CVE-2025-60012 Apache Livy: Restrict file access

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...

EPSS 0.00091
Exploits: 1, References: 1
Vulnrichment
added 2026/03/13 3:23 p.m., 3 views

CVE-2025-60012 Apache Livy: Restrict file access

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...

AI score 5.8, EPSS 0.00091
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-3294

Malicious code in bioql PyPI...

CVSS 7.8, AI score 6.5, EPSS 0.00064
Exploits: 0, References: 3
IBM Security Bulletins
added 2024/09/05 6:48 p.m., 20 views

Security Bulletin: Vulnerability in Elastic Elasticsearch-Hadoop affects watsonx.data

Summary: Elastic Elasticsearch-Hadoop could allow the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. As this occurs when the user has been authenticated, there is limited impact to watsonx.data. Vulnerabili...

CVSS 7.8, AI score 8.1, EPSS 0.00064
Exploits: 0, Affected Software: 1
RedhatCVE
added 2024/06/20 8:51 p.m., 20 views

CVE-2023-46674

A flaw was found in elasticsearch-hadoop that allowed the unsafe deserialization of Java objects from Hadoop or spark configuration properties that could have been modified by authenticated users. Unsafe deserialization may impact integrity by allowing an attacker to modify unexpected objects or...

CVSS 6, AI score 6.7, EPSS 0.00064
Exploits: 0, References: 3
Vulnrichment
added 2023/12/05 5:21 p.m., 19 views

CVE-2023-46674 Elasticsearch-hadoop Unsafe Deserialization

An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue...

CVSS 6, AI score 7.2, EPSS 0.00064
Exploits: 0, References: 1
Elastic
added 2023/12/05 4:27 p.m., 4 views

Elasticsearch-hadoop 7.17.11 / 8.9.0 Security Update (ESA-2023-28)

Elasticsearch-hadoop Unsafe Deserialization (ESA-2023-28): An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon W...

CVSS 7.8, AI score 7.4, EPSS 0.00064
Exploits: 0
CNNVD
added 2023/12/05 12:0 a.m., 4 views

Elasticsearch-hadoop Code Issue Vulnerability

Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch-hadoop that stems from a deserialization vulnerability in java objects in hadoop or spark configuration properties. Affected products and versions: Elasticsearch-hadoop versions prior to...

CVSS 7.8, AI score 6.3, EPSS 0.00064
Exploits: 0, References: 1
Positive Technologies
added 2023/12/05 12:0 a.m., 2 views

PT-2023-30155 · Unknown · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch affected versions not specified. Description: An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users...

CVSS 7.8, AI score 6.5, EPSS 0.00064
Exploits: 0, References: 10