HIGH 8.8 CVE-2022-33891 ⚠ KEV Apache Spark UI can allow impersonation if ACLs enabled
from 0, < 3.0.4, >= 3.1.1, < 3.1.3, >= 3.2.0, < 3.2.2
CRITICAL 9.9 CVE-2023-22946 Apache Spark vulnerable to Improper Privilege Management
from 0, < 3.4.0
from 0, < 2.4.6
HIGH 8.8 Apache Spark: Spark History Server Code Execution Vulnerability
from 0, < 3.5.7, >= 4.0.0, < 4.0.1
HIGH 8.8 Apache Spark UI vulnerable to Command Injection
from 0, < 3.0.4, >= 3.1.1, < 3.1.4, >= 3.2.0, < 3.2.2
HIGH 7.5 Authentication Bypass by Capture-replay in Apache Spark
from 0, < 3.1.3
MEDIUM 5.4 Apache Spark vulnerable to Log Injection
from 0, < 3.2.2, >= 3.3.0, < 3.3.1
MEDIUM 5.3 DOS vulnerability for Quoted Quality CSV headers
>= 3.1.1, < 3.1.2
MEDIUM 4.8 jetty9 - security update
>= 2.4.8, < 2.4.9, >= 3.0.3, < 3.0.4