4 matches found
OESA-2022-1591 spark security update
Apache Spark achieves high performance for both batch and streaming data, using a state-of-the-art DAG scheduler, a query optimizer, and a physical execution engine. Security Fixes: Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and...
abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +119 more potentially affected by CVE-2021-38296 via pyspark (>=2.1.2 <=3.1.2)
pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.5.1, =0.2.0, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =0.14.0b20211027, =2.0.0, =2.5.0b20240324 and more Source cves: CVE-2021-38296 Source advisory: OSV:GHSA-9RR6-JPG7-9JG6...
abi-ds-utils (>=0.1.2 <=0.1.9), abi-pyspark-utils (>=0.1.1 <=0.1.4) +119 more potentially affected by CVE-2021-38296 via pyspark (>=2.1.2 <=3.1.2)
pyspark PYPI version =2.1.2, =0.1.2, =0.1.1, =0.5.1, =0.2.0, =1.0.0, =0.9.1, =0.1.57, =0.11.0, =0.14.0b20211027, =2.0.0, =2.5.0b20240324 and more Source cves: CVE-2021-38296 Source advisory: OSV:PYSEC-2022-186...
CVE-2021-38296
CVE-2021-38296 affects Apache Spark where versions up to 3.1.2 use a bespoke mutual authentication protocol for end-to-end RPC encryption that can enable full encryption key recovery and offline decryption of plaintext traffic. The issue is limited to Spark’s key exchange/authentication path and ...