Vulnerabilities > Apache > Spark > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-04-17 CVE-2023-22946 Unspecified vulnerability in Apache Spark
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges.
network
low complexity
apache
critical
9.9
2020-06-23 CVE-2020-9480 Missing Authentication for Critical Function vulnerability in multiple products
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret.
network
low complexity
apache oracle CWE-306
critical
9.8
2020-01-29 CVE-2019-20445 HTTP Request Smuggling vulnerability in multiple products
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
network
low complexity
netty debian fedoraproject canonical redhat apache CWE-444
critical
9.1
2018-11-19 CVE-2018-17190 Unspecified vulnerability in Apache Spark
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts.
network
low complexity
apache
critical
9.8