Vulnerabilities > Apache > Spark > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-02 CVE-2023-32007 Unspecified vulnerability in Apache Spark
** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable.
network
low complexity
apache
8.8
2022-07-18 CVE-2022-33891 Unspecified vulnerability in Apache Spark
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable.
network
low complexity
apache
8.8
2022-03-10 CVE-2021-38296 Authentication Bypass by Capture-replay vulnerability in multiple products
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled".
network
low complexity
apache oracle CWE-294
7.5
2019-11-18 CVE-2019-10172 A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries.
network
low complexity
fasterxml redhat debian apache
7.5
2019-08-07 CVE-2019-10099 Cleartext Storage of Sensitive Information vulnerability in Apache Spark
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true.
network
low complexity
apache CWE-312
7.5
2018-10-24 CVE-2018-11804 Unspecified vulnerability in Apache Spark
Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation.
network
low complexity
apache
7.5
2017-09-13 CVE-2017-12612 Deserialization of Untrusted Data vulnerability in Apache Spark
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket.
local
low complexity
apache CWE-502
7.8