Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.7
CVE-2018-1334
- EPSS 0.1%
- Veröffentlicht 12.07.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:38
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
7.8
CVE-2017-12612
- EPSS 0.14%
- Veröffentlicht 13.09.2017 16:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an atta...
6.1
CVE-2017-7678
- EPSS 1.79%
- Veröffentlicht 12.07.2017 13:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history s...