Vulnerabilities > Apache > Spark > 2.2.0

DATE CVE VULNERABILITY TITLE RISK
2018-07-12 CVE-2018-8024 Information Exposure vulnerability in multiple products
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user's view of the Spark UI.
network
low complexity
apache mozilla CWE-200
5.4
5.4
2018-07-12 CVE-2018-1334 Information Exposure vulnerability in Apache Spark
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
local
high complexity
apache CWE-200
4.7
4.7