Lucene search
K

1172 matches found

RedhatCVE
RedhatCVE
added 2026/03/16 4:14 p.m.7 views

CVE-2025-54920

Apache Spark contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson deserialization of event log data. This allows an attacker with access to the Spark event logs directory to inject malicious JSON payloads that trigger deserialization of arbitrary...

8.8CVSS6.2AI score0.05341EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2026/03/16 3:30 p.m.7 views

ai.grakn:client-java (=1.3.0), ai.grakn:grakn-bootup (>=1.1.0 <=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +677 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.10 (>=0.9.0-incubating <=2.2.3)

org.apache.spark:spark-core2.10 MAVEN version =0.9.0-incubating, =1.1.0, =0.7.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =1.0.0, =0.10.0, =0.15.0, =0.6.1, =0.17.0, =1.1.0 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65https://vulners.com/osv/OSV:GHSA-J...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/16 3:30 p.m.10 views

org.apache.spark:spark-tools_2.9.3 (=0.8.1-incubating) potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.9.3 (=0.8.1-incubating)

org.apache.spark:spark-core2.9.3 MAVEN version =0.8.1-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.9.3 and may be impacted: - org.apache.spark:spark-tools2.9.3 =0.8.1-incubating Source cves: CVE-2025-54920...

8.8CVSS5.8AI score0.05341EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/16 3:30 p.m.8 views

ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.4_2.12 (>=0.25 <=1.2.7) +1748 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.12 (>=2.4.0 <=3.5.6)

org.apache.spark:spark-core2.12 MAVEN version =2.4.0, =0.25-rc1, =0.25, =0.25, =1.0.1, =1.0.6, =1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.0.9 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/16 3:30 p.m.8 views

com.azure.cosmos.spark:azure-cosmos-spark_4-0_2-13 (>=4.43.0 <=4.49.0), com.github.rumbledb:rumbledb (=2.0.0) +81 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (=4.0.0)

org.apache.spark:spark-core2.13 MAVEN version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.13 and may be impacted: - com.azure.cosmos.spark:azure-cosmos-spark4-02-13 =4.43.0, =0.43.0-preview, =0.43.0-preview,...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/16 3:30 p.m.7 views

ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +457 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=3.2.0 <=3.5.6)

org.apache.spark:spark-core2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =chaining-0.0.46-dev, =0.0.86, =0.0.14, =6.5.0, =1.3.3, =0.20, =0.2, =2.0.3, =1.1.3, =1.1.4 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
OSV
OSV
added 2026/03/16 3:30 p.m.4 views

GHSA-JWP6-CVJ8-FW65 Apache Spark: Spark History Server Code Execution Vulnerability

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

8.8CVSS6.6AI score0.05341EPSS
Exploits1References7
EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2025-208669

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

6.4AI score0.05341EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2026/03/16 3:30 p.m.9 views

ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +1722 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=2.4.8)

org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =0.25-rc1, =0.25, =0.25, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.1, =0.0.1, =0.42.1, =1.4.1, =1.4.3 - ai.grakn:grakn-dist =1.4.1 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.5 views

Apache Spark: Spark History Server Code Execution Vulnerability

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

8.8CVSS6.4AI score0.05341EPSS
Exploits1References7Affected Software5
NVD
NVD
added 2026/03/16 2:17 p.m.8 views

CVE-2025-54920

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

8.8CVSS0.05341EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/03/15 3:17 p.m.173 views

Exploit for CVE-2025-60012

For educational and security research purposes only. Do not...

6.3CVSS6.1AI score0.00488EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/14 10:40 a.m.10 views

ai.catboost:catboost-spark_3.0_2.12 (>=0.25 <=1.2.8), ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8) +1483 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.12 (>=3.0.0-preview <=3.5.6)

org.apache.spark:spark-core2.12 MAVEN version =3.0.0-preview, =0.25, =1.0.1, =1.0.6, =1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =0.20.0, =0.22.0, =0.36.0 and more Source cves: CVE-2025-54920 Source advisory: SNYK:JAVA-ORGAPACHESPARK-15623151...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/14 10:40 a.m.7 views

com.azure.cosmos.spark:azure-cosmos-spark_4-0_2-13 (>=4.43.0 <=4.49.0), com.github.rumbledb:rumbledb (=2.0.0) +85 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=4.0.0-preview2 <=4.0.0)

org.apache.spark:spark-core2.13 MAVEN version =4.0.0-preview2, =4.43.0, =0.43.0-preview, =0.43.0-preview, =4.0.0-preview22.0.1, =0.0.3, =0.0.3, =7.0.1, =4.1.0, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc, =0.0.1-poc8 and more Source cves: CVE-2025-54920 Source advisory:...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/14 10:40 a.m.8 views

ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +457 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (>=3.2.0 <=3.5.6)

org.apache.spark:spark-core2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =1.2, =1.2.3, =0.0.25, =0.0.25, =chaining-0.0.46-dev, =0.0.86, =0.0.14, =6.5.0, =1.3.3, =0.20, =0.2, =2.0.3, =1.1.3, =1.1.4 and more Source cves: CVE-2025-54920 Source advisory: SNYK:JAVA-ORGAPACHESPARK-15623152...

8.8CVSS6.5AI score0.05341EPSS
Exploits1
Snyk
Snyk
added 2026/03/14 10:40 a.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Jackson implementation in the Spark History Server web UI. An attacker who can write event logs can achieve code execution by injecting malicious JSON payloads into event log files, which are the...

8.8CVSS6.2AI score0.05341EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/14 10:40 a.m.6 views

Deserialization of Untrusted Data

Overview org.apache.spark:spark-core2.12 is an unified analytics engine for large-scale data processing. It provides high-level APIs in Scala, Java, Python, and R, and an optimized engine that supports general computation graphs for data analysis. It also supports a rich set of higher-level tools...

8.8CVSS6.3AI score0.05341EPSS
Exploits1References2
OSV
OSV
added 2026/03/14 9:1 a.m.6 views

CVE-2025-54920 Apache Spark: Spark History Server Code Execution Vulnerability

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

8.8CVSS7.4AI score0.05341EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/03/14 9:1 a.m.8 views

CVE-2025-54920 Apache Spark: Spark History Server Code Execution Vulnerability

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

6.4AI score0.05341EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/14 9:1 a.m.4 views

CVE-2025-54920

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

6.4AI score0.05341EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder