Lucene search
K

4 matches found

OSV
OSV
added 2022/03/26 11:3 a.m.5 views

OESA-2022-1591 spark security update

Apache Spark achieves high performance for both batch and streaming data, using a state-of-the-art DAG scheduler, a query optimizer, and a physical execution engine. Security Fixes: Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and...

7.5CVSS7AI score0.01817EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/03/11 12:2 a.m.4 views

abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +119 more potentially affected by CVE-2021-38296 via pyspark (>=2.1.2 <=3.1.2)

pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.5.1, =0.2.0, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =0.14.0b20211027, =2.0.0, =2.5.0b20240324 and more Source cves: CVE-2021-38296 Source advisory: OSV:GHSA-9RR6-JPG7-9JG6...

7.5CVSS7.1AI score0.01817EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/03/10 9:15 a.m.5 views

abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +119 more potentially affected by CVE-2021-38296 via pyspark (>=2.1.2 <=3.1.2)

pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.5.1, =0.2.0, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =0.14.0b20211027, =2.0.0, =2.5.0b20240324 and more Source cves: CVE-2021-38296 Source advisory: OSV:PYSEC-2022-186...

7.5CVSS7.1AI score0.01817EPSS
Exploits0
CVE
CVE
added 2022/03/10 8:20 a.m.151 views

CVE-2021-38296

CVE-2021-38296 affects Apache Spark where versions up to 3.1.2 use a bespoke mutual authentication protocol for end-to-end RPC encryption that can enable full encryption key recovery and offline decryption of plaintext traffic. The issue is limited to Spark’s key exchange/authentication path and ...

7.5CVSS7.8AI score0.01817EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder