HIGH 8.8 CVE-2022-33891 ⚠ KEV Apache Spark UI can allow impersonation if ACLs enabled
from 0, < 3.1.1, >= 3.2.0, < 3.2.2, >= 3.1.1, < 3.1.3
HIGH 8.8 CVE-2022-33891 ⚠ KEV Apache Spark UI can allow impersonation if ACLs enabled
from 0, <= 3.0.3
CRITICAL 9.9 Apache Spark vulnerable to Improper Privilege Management
from 0, < 3.3.2
CRITICAL 9.9 Apache Spark vulnerable to Improper Privilege Management
from 0, < 3.4.0
CRITICAL 9.8 Improper Authentication in Apache Spark
from 0, < 2.4.6
CRITICAL 9.8 Improper Authentication in Apache Spark
from 0, < 2.4.6
HIGH 8.8 Apache Spark UI vulnerable to Command Injection
from 0, < 3.1.1, >= 3.2.0, < 3.2.2, >= 3.1.1, < 3.2.0
HIGH 8.8 Apache Spark UI vulnerable to Command Injection
>= 3.1.1, < 3.2.2
HIGH 7.8 Apache Spark Deserialization of Untrusted Data vulnerability
from 0, < 2.1.2
HIGH 7.8 Apache Spark Deserialization of Untrusted Data vulnerability
from 0, < 2.1.2
HIGH 7.5 Authentication Bypass by Capture-replay in Apache Spark
from 0, < 3.1.3
HIGH 7.5 Authentication Bypass by Capture-replay in Apache Spark
from 0, < 3.1.3
HIGH 7.5 Sensitive data written to disk unencrypted in Spark
from 0, < 2.3.3
HIGH 7.5 Sensitive data written to disk unencrypted in Spark
from 0, < 2.3.3
MEDIUM 6.5 Apache Spark has Inadequate Encryption Strength
from 0, < 3.4.4
MEDIUM 6.5 Apache Spark has Inadequate Encryption Strength
from 0, < 3.4.4, >= 3.5.0, < 3.5.2
MEDIUM 5.5 PySpark User Impersonation Vulnerability
>= 2.3.0, < 2.3.2
MEDIUM 5.5 PySpark User Impersonation Vulnerability
>= 2.3.0, < 2.3.2, >= 1.0.2, < 2.2.3
MEDIUM 5.4 Apache Spark vulnerable to Log Injection
from 0, < 3.2.2
MEDIUM 5.4 Apache Spark vulnerable to Log Injection
from 0, < 3.2.2
MEDIUM 4.7 Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
>= 2.2.0, < 2.2.2, from 0, < 2.1.3
MEDIUM 4.7 Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
>= 2.2.0, < 2.2.2