An improper access control vulnerability has been discovered in Apache Spark

In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute co...

Apache Spark RPC Protocol deserialization vulnerability analysis-vulnerability warning-the black bar safety net

Front a burst of Spark official release of the title for the CVE-2018-17190: Unsecured Apache Spark standalone executes user code of the security Bulletin. The announcement indicated the vulnerability affects version to full version, and does not indicate a repaired version, only the relevant...