Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache spark vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-12612
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user a...
Apache Spark 2.0.2
Apache Spark 2.1.1
Apache Spark 1.6.1
Apache Spark 1.6.2
Apache Spark 1.6.3
Apache Spark 2.0.0
Apache Spark 1.6.0
Apache Spark 2.0.1
Apache Spark 2.1.0
4.7
CVSSv3
CVE-2018-1334
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
Apache Spark
Apache Spark 2.3.0
5.4
CVSSv3
CVE-2022-31777
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and previous versions, and 3.3.0, allows remote malicious users to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs ren...
Apache Spark 3.3.0
Apache Spark
5.4
CVSSv3
CVE-2018-8024
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute...
Apache Spark
Apache Spark 2.3.0
Mozilla Firefox -
7.5
CVSSv3
CVE-2023-28710
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: prior to 4.0.1.
Apache Apache-airflow-providers-apache-spark
7.5
CVSSv3
CVE-2023-40272
Apache Airflow Spark Provider, versions prior to 4.1.3, is affected by a vulnerability that allows an malicious user to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version...
Apache Apache-airflow-providers-apache-spark
9.9
CVSSv3
CVE-2023-22946
In Apache Spark versions before 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes o...
Apache Spark
4.2
CVSSv3
CVE-2018-11770
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authentic...
Apache Spark
1 Github repository
7.5
CVSSv3
CVE-2018-11804
Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from ex...
Apache Spark
7.5
CVSSv3
CVE-2019-10099
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in P...
Apache Spark
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »