GHSA-329J-JFVR-RHR6 Apache Spark vulnerable to Improper Privilege Management
In Apache Spark versions prior to versions 3.4.0 and 3.3.3, applications using spark-submit can specify a proxy-user to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the...