Vulnerability Database
289,689
Total vulnerabilities in the database
CVE-2018-11760
When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.
| Software | From | Fixed in |
|---|---|---|
| apache / spark | 1.0.2 | 1.6.3.x |
| apache / spark | 2.0.0 | 2.0.2.x |
| apache / spark | 2.1.0 | 2.1.3.x |
| apache / spark | 2.3.0 | 2.3.1.x |
| apache / spark | 2.2.0 | 2.2.2.x |
pyspark
|
2.3.0 | 2.3.2 |
|
pyspark
|
1.0.2 | 2.2.3 |
- http://www.securityfocus.com/bid/106786
- https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2019-169.yaml
- https://issues.apache.org/jira/browse/SPARK-26802
- https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e@%3Ccommits.spark.apache.org%3E
- https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e%40%3Ccommits.spark.apache.org%3E
- https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b@%3Cuser.spark.apache.org%3E
- https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b%40%3Cuser.spark.apache.org%3E