Spark Security Vulnerabilities and Issues — Spark CVE List

Lucene search

ApacheSpark

3 matches found

CVE•added 2019/11/18 5:15 p.m.•478 views

CVE-2019-10172

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.

7.5CVSS8.6AI score0.0057EPSS

CVE•added 2019/08/07 5:15 p.m.•81 views

CVE-2019-10099

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broad...

7.5CVSS7.3AI score0.00542EPSS

CVE•added 2019/02/04 5:29 p.m.•77 views

CVE-2018-11760

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

5.5CVSS5.5AI score0.005EPSS