5 matches found
CVE-2018-9159
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...
ai.grakn:grakn-bootup (>=1.1.0 <=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744), ai.grakn:grakn-dist (>=0.7.0 <=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +171 more potentially affected by CVE-2018-9159 via com.sparkjava:spark-core (>=1.0 <=2.7.1)
com.sparkjava:spark-core MAVEN version =1.0, =1.1.0, =0.7.0, =0.6.1, =0.6.1, =0.7.0, =0.15.0, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.16.0, =1.0, =1.2.0 - br.com.logiquesistemas:easy-spark =1.0.0 and more Source cves: CVE-2018-9159 Source advisory: OSV:GHSA-76QR-MMH8-CP8F...
SUSE-SU-2018:2689-1 Security update for spark
This update for spark fixes the following security issue: - CVE-2018-9159: Fix a security problem in the serving of static files. bsc1087837...
Critical: Red Hat Security Advisory: Red Hat FIS 2.0 on Fuse 6.3.0 R7 security and bug fix update
An update is now available for Red Hat Fuse Integration Services. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2018-9159
CVE-2018-9159 affects Spark before 2.7.2, allowing a remote attacker to disclose unintended static files via absolute/relative path representations (including file: URLs and directory traversal). The issue is addressed by Spark 2.7.2 and upstream fixes cited by Red Hat and SUSE OSV/RH advisories;...