Lucene search
K
ApacheSpark2.2.0

4 matches found

CVE
CVE
added 2018/07/12 1:0 p.m.317 views

CVE-2018-8024

Apache Spark UI cross-site scripting (CVE-2018-8024) affects Spark UI before 2.3.2, including 2.1.0–2.1.2, 2.2.0–2.2.1, and 2.3.0. A malicious user can craft a URL to the Spark UI’s /jobs/ endpoint; if a user visits the URL, JavaScript can execute in the victim’s browser within the Spark UI conte...

5.4CVSS5.3AI score0.05046EPSS
CVE
CVE
added 2019/08/07 4:18 p.m.106 views

CVE-2019-10099

CVE-2019-10099 affects Apache Spark deployments running versions prior to 2.3.3. In certain scenarios, Spark could write user data to local disk unencrypted despite spark.io.encryption.enabled=true. The issue encompasses cached blocks written to disk (controlled by spark.maxRemoteBlockSizeFetchTo...

7.5CVSS7.3AI score0.01291EPSS
CVE
CVE
added 2019/02/04 5:0 p.m.96 views

CVE-2018-11760

CVE-2018-11760 describes a PySpark-related local privilege issue in Apache Spark: a local authenticated user can connect to a running Spark application and impersonate the user running it. Affected Spark versions include 1.x, 2.0.x, 2.1.x, 2.2.0–2.2.2, and 2.3.0–2.3.1. IBM and related advisories ...

5.5CVSS5.5AI score0.00605EPSS
CVE
CVE
added 2018/07/12 1:0 p.m.91 views

CVE-2018-1334

Apache Spark up to version 2.3.0 (affected: 1.0.0–2.1.2, 2.2.0–2.2.1, 2.3.0) is vulnerable to an impersonation flaw when using PySpark or SparkR that lets a different local user connect to a Spark application and impersonate the Spark user. The issue is confirmed across multiple sources (e.g., SU...

4.7CVSS4.7AI score0.00504EPSS