2 matches found
ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.3_2.13 (>=1.1.1 <=1.2.10) +317 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.13 (>=3.2.0 <=3.4.3)
org.apache.spark:spark-network-common2.13 MAVEN version =3.2.0, =1.0.6, =1.1.1, =1.2, =0.0.25, =0.0.25, =0.0.25, =0.0.86, =0.0.14, =0.20, =1.1.3, =1.4.0, =1.5.0, =1.5.0, =1.8.0 and more Source cves: CVE-2025-55039 Source advisory: OSV:GHSA-6P6V-M64V-JX8Q...
PYSEC-2022-236
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to...