Lucene search
K

4 matches found

Snyk
Snyk
added 2026/03/14 10:40 a.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Jackson implementation in the Spark History Server web UI. An attacker who can write event logs can achieve code execution by injecting malicious JSON payloads into event log files, which are the...

8.8CVSS6.2AI score0.05341EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 7:9 a.m.2 views

Security Bulletin: Common vulnerabilities discovered in Spark2 executables released with Cloudera Observability on Premises with IBM Version 3.5.3

Summary Cloudera Observability on premises with IBM 3.5.3 ships with Spark 2 executables, however, the application runs on Spark 3. This security bulletin identifies a set of common vulnerabilities found in the Spark 2 libraries. Spark 2 has reached End of Support EOS. Clients are advised to use...

6.6AI score
Exploits0Affected Software1
PyPA
PyPA
added 2023/05/02 9:15 a.m.6 views

PYSEC-2023-72

UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...

8.8CVSS7.7AI score0.92984EPSS
Exploits12References5Affected Software1
OSV
OSV
added 2023/05/02 9:15 a.m.2 views

PYSEC-2023-72

UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...

8.8CVSS7.6AI score0.92984EPSS
Exploits12References5
Rows per page
Query Builder