2 matches found
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +625 more potentially affected by CVE-2017-12612 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=2.1.1)
org.apache.spark:spark-core2.11 MAVEN version =1.2.0, =2.0.0, =2.0.0, =2.0.0, =2.0.18, =2.0.0, =1.0.0, =0.5.2, =1.0, =2.11-2.1.1-2.2.0, =4.2.0, =4.2.0, =5.0.0 and more Source cves: CVE-2017-12612 Source advisory: OSV:GHSA-8RHC-48PP-52GR...
CVE-2017-12612
CVE-2017-12612 affects Apache Spark 1.6.0 through 2.1.1. The root cause is unsafe deserialization in the launcher API over the socket, allowing code execution by an attacker with access to the local user account running the Spark application. The vulnerability does not apply to apps started via s...