2 matches found
CVE-2018-8024
Apache Spark UI cross-site scripting (CVE-2018-8024) affects Spark UI before 2.3.2, including 2.1.0–2.1.2, 2.2.0–2.2.1, and 2.3.0. A malicious user can craft a URL to the Spark UI’s /jobs/ endpoint; if a user visits the URL, JavaScript can execute in the victim’s browser within the Spark UI conte...
CVE-2018-1334
Apache Spark up to version 2.3.0 (affected: 1.0.0–2.1.2, 2.2.0–2.2.1, 2.3.0) is vulnerable to an impersonation flaw when using PySpark or SparkR that lets a different local user connect to a Spark application and impersonate the Spark user. The issue is confirmed across multiple sources (e.g., SU...