1172 matches found
Apache Spark - Authentication Bypass
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...
Apache Spark UI - Cross-Site Scripting
Apache Spark UI before 2.3.2 is vulnerable to XSS via unsanitized query string parameters in the /jobs/ endpoint. id: CVE-2018-8024 info: name: Apache Spark UI - Cross-Site Scripting author: ritikchaddha severity: medium description: | Apache Spark UI before 2.3.2 is vulnerable to XSS via...
PYSEC-2026-1141 Apache Airflow Spark Provider Improper Input Validation vulnerability
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected...
PYSEC-2026-1140 Apache Airflow Spark Provider vulnerable to improper input validation
Apache Software Foundation Apache Airflow Spark Provider before 4.0.1 is vulnerable to improper input validation because the host and schema of JDBC Hook can contain / and ? which is used to denote the end of the field...
CVE-2026-50193 vulnerabilities
Vulnerabilities for packages: spark...
GHSA-3WRR-7QPF-2PRH vulnerabilities
Vulnerabilities for packages: spark...
GHSA-C653-97M9-RCG9 vulnerabilities
Vulnerabilities for packages: thingsboard, neo4j, spark-kubernetes-operator-fips, opensearch, strimzi-kafka-operator-fips, kserve-modelmesh, commercial-elasticsearch, docker-selenium, kafka, request-9047-keycloak-fips, grpc-java-fips, kafbat-ui, elasticsearch, kayenta-fips, cassandra, celeborn,...
CVE-2026-50010 vulnerabilities
Vulnerabilities for packages: thingsboard, neo4j, spark-kubernetes-operator-fips, opensearch, strimzi-kafka-operator-fips, kserve-modelmesh, commercial-elasticsearch, docker-selenium, kafka, request-9047-keycloak-fips, grpc-java-fips, kafbat-ui, elasticsearch, kayenta-fips, cassandra, celeborn,...
GHSA-4GRM-H2QV-H6W6 vulnerabilities
Vulnerabilities for packages: apache-hop, spark...
GHSA-CQ4Q-CV5G-R8Q5 vulnerabilities
Vulnerabilities for packages: spark...
CVE-2026-48748 vulnerabilities
Vulnerabilities for packages: spark...
GHSA-4GRM-H2QV-H6W6 vulnerabilities
Vulnerabilities for packages: spark...
CVE-2026-50009 vulnerabilities
Vulnerabilities for packages: spark...
CVE-2026-50020 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, neo4j, infinispan, opensearch, strimzi-kafka-operator, logstash, spark, tez, kserve-modelmesh, keycloak, druid, apache-pulsar, wildfly, docker-selenium, thingsboard...
GHSA-HVCG-QMG6-JM4C vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, neo4j, infinispan, opensearch, strimzi-kafka-operator, logstash, spark, tez, kserve-modelmesh, keycloak, druid, apache-pulsar, wildfly, docker-selenium, thingsboard...
GHSA-563Q-J3CM-6JXM vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, infinispan, strimzi-kafka-operator, spark, kserve-modelmesh, druid, apache-pulsar, docker-selenium, thingsboard...
CVE-2026-50560 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, infinispan, strimzi-kafka-operator, spark, kserve-modelmesh, druid, apache-pulsar, docker-selenium, thingsboard...
GHSA-C653-97M9-RCG9 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, neo4j, infinispan, opensearch, logstash, spark, tez, kserve-modelmesh, cassandra, druid, solr, apache-pulsar, docker-selenium, thingsboard...
CVE-2026-50010 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, neo4j, infinispan, opensearch, logstash, spark, tez, kserve-modelmesh, cassandra, druid, solr, apache-pulsar, docker-selenium, thingsboard...
Apache Spark UI - Remote Command Injection
Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilte...