Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.spark/spark-core_2.10@2.1.2
Typemaven
Namespaceorg.apache.spark
Namespark-core_2.10
Version2.1.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-adht-u2kn-j3hh
vulnerability_id VCID-adht-u2kn-j3hh
summary 
Cross-site Scripting
It is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs.
references
0
reference_url http://apache-spark-developers-list.1001551.n3.nabble.com/CVE-2017-7678-Apache-Spark-XSS-web-UI-MHTML-vulnerability-td21947.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://apache-spark-developers-list.1001551.n3.nabble.com/CVE-2017-7678-Apache-Spark-XSS-web-UI-MHTML-vulnerability-td21947.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7678
reference_id
reference_type
scores
0
value 0.0179
scoring_system epss
scoring_elements 0.82787
published_at 2026-04-16T12:55:00Z
1
value 0.0179
scoring_system epss
scoring_elements 0.82713
published_at 2026-04-04T12:55:00Z
2
value 0.0179
scoring_system epss
scoring_elements 0.82709
published_at 2026-04-07T12:55:00Z
3
value 0.0179
scoring_system epss
scoring_elements 0.82735
published_at 2026-04-08T12:55:00Z
4
value 0.0179
scoring_system epss
scoring_elements 0.82742
published_at 2026-04-09T12:55:00Z
5
value 0.0179
scoring_system epss
scoring_elements 0.82758
published_at 2026-04-11T12:55:00Z
6
value 0.0179
scoring_system epss
scoring_elements 0.82752
published_at 2026-04-12T12:55:00Z
7
value 0.0179
scoring_system epss
scoring_elements 0.82749
published_at 2026-04-13T12:55:00Z
8
value 0.0179
scoring_system epss
scoring_elements 0.82683
published_at 2026-04-01T12:55:00Z
9
value 0.0179
scoring_system epss
scoring_elements 0.82699
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7678
2
reference_url http://www.securityfocus.com/bid/99603
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99603
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7678
reference_id CVE-2017-7678
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7678
4
reference_url https://github.com/advisories/GHSA-r34r-f84j-5x4x
reference_id GHSA-r34r-f84j-5x4x
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r34r-f84j-5x4x
fixed_packages
0
url pkg:maven/org.apache.spark/spark-core_2.10@2.2.0
purl pkg:maven/org.apache.spark/spark-core_2.10@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-as3y-ffvw-rube
1
vulnerability VCID-pa42-1gk4-9yhj
2
vulnerability VCID-pgne-36yk-37bj
3
vulnerability VCID-y6p4-rd9t-cqad
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.2.0
aliases CVE-2017-7678, GHSA-r34r-f84j-5x4x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-adht-u2kn-j3hh
1
url VCID-as3y-ffvw-rube
vulnerability_id VCID-as3y-ffvw-rube
summary 
Improper Authentication
In all versions of Apache Spark, the standalone resource manager accepts code to execute on a `master` host, that then runs that code on `worker` hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17190
reference_id
reference_type
scores
0
value 0.0121
scoring_system epss
scoring_elements 0.79011
published_at 2026-04-11T12:55:00Z
1
value 0.0121
scoring_system epss
scoring_elements 0.79014
published_at 2026-04-16T12:55:00Z
2
value 0.0121
scoring_system epss
scoring_elements 0.78986
published_at 2026-04-13T12:55:00Z
3
value 0.0121
scoring_system epss
scoring_elements 0.78939
published_at 2026-04-01T12:55:00Z
4
value 0.0121
scoring_system epss
scoring_elements 0.78945
published_at 2026-04-02T12:55:00Z
5
value 0.0121
scoring_system epss
scoring_elements 0.78972
published_at 2026-04-04T12:55:00Z
6
value 0.0121
scoring_system epss
scoring_elements 0.78956
published_at 2026-04-07T12:55:00Z
7
value 0.0121
scoring_system epss
scoring_elements 0.78981
published_at 2026-04-08T12:55:00Z
8
value 0.0121
scoring_system epss
scoring_elements 0.78987
published_at 2026-04-09T12:55:00Z
9
value 0.0121
scoring_system epss
scoring_elements 0.78996
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17190
1
reference_url https://lists.apache.org/thread.html/341c3187f15cdb0d353261d2bfecf2324d56cb7db1339bfc7b30f6e5@%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/341c3187f15cdb0d353261d2bfecf2324d56cb7db1339bfc7b30f6e5@%3Cdev.spark.apache.org%3E
2
reference_url https://security.gentoo.org/glsa/201903-21
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201903-21
3
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
4
reference_url http://www.securityfocus.com/bid/105976
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105976
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17190
reference_id CVE-2018-17190
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17190
6
reference_url https://github.com/advisories/GHSA-phg2-9c5g-m4q7
reference_id GHSA-phg2-9c5g-m4q7
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-phg2-9c5g-m4q7
fixed_packages
aliases CVE-2018-17190, GHSA-phg2-9c5g-m4q7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-as3y-ffvw-rube
2
url VCID-m3tv-j5mk-4ufj
vulnerability_id VCID-m3tv-j5mk-4ufj
summary 
Improper Input Validation
The Apache Spark Maven-based build includes a convenience script, `build/mvn`, that downloads and runs a zinc server to speed up compilation. It has been included in release branches since, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11804
reference_id
reference_type
scores
0
value 0.00716
scoring_system epss
scoring_elements 0.72416
published_at 2026-04-16T12:55:00Z
1
value 0.00716
scoring_system epss
scoring_elements 0.72328
published_at 2026-04-01T12:55:00Z
2
value 0.00716
scoring_system epss
scoring_elements 0.72333
published_at 2026-04-02T12:55:00Z
3
value 0.00716
scoring_system epss
scoring_elements 0.72352
published_at 2026-04-04T12:55:00Z
4
value 0.00716
scoring_system epss
scoring_elements 0.72329
published_at 2026-04-07T12:55:00Z
5
value 0.00716
scoring_system epss
scoring_elements 0.72368
published_at 2026-04-08T12:55:00Z
6
value 0.00716
scoring_system epss
scoring_elements 0.7238
published_at 2026-04-09T12:55:00Z
7
value 0.00716
scoring_system epss
scoring_elements 0.72403
published_at 2026-04-11T12:55:00Z
8
value 0.00716
scoring_system epss
scoring_elements 0.72387
published_at 2026-04-12T12:55:00Z
9
value 0.00716
scoring_system epss
scoring_elements 0.72374
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11804
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/apache/spark
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/spark
3
reference_url https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d@%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d@%3Cdev.spark.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d%40%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d%40%3Cdev.spark.apache.org%3E
5
reference_url https://spark.apache.org/security.html#CVE-2018-11804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://spark.apache.org/security.html#CVE-2018-11804
6
reference_url https://web.archive.org/web/20200227103903/http://www.securityfocus.com/bid/105756
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227103903/http://www.securityfocus.com/bid/105756
7
reference_url http://www.securityfocus.com/bid/105756
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/105756
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11804
reference_id CVE-2018-11804
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11804
9
reference_url https://github.com/advisories/GHSA-62g2-m955-v383
reference_id GHSA-62g2-m955-v383
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-62g2-m955-v383
fixed_packages
0
url pkg:maven/org.apache.spark/spark-core_2.10@2.2.0
purl pkg:maven/org.apache.spark/spark-core_2.10@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-as3y-ffvw-rube
1
vulnerability VCID-pa42-1gk4-9yhj
2
vulnerability VCID-pgne-36yk-37bj
3
vulnerability VCID-y6p4-rd9t-cqad
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.2.0
aliases CVE-2018-11804, GHSA-62g2-m955-v383
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3tv-j5mk-4ufj
3
url VCID-pa42-1gk4-9yhj
vulnerability_id VCID-pa42-1gk4-9yhj
summary 
Improper Authentication
Apache Spark standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property `spark.authenticate.secret` establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11770.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11770.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11770
reference_id
reference_type
scores
0
value 0.88996
scoring_system epss
scoring_elements 0.99528
published_at 2026-04-16T12:55:00Z
1
value 0.88996
scoring_system epss
scoring_elements 0.99523
published_at 2026-04-07T12:55:00Z
2
value 0.88996
scoring_system epss
scoring_elements 0.99524
published_at 2026-04-08T12:55:00Z
3
value 0.88996
scoring_system epss
scoring_elements 0.99525
published_at 2026-04-09T12:55:00Z
4
value 0.88996
scoring_system epss
scoring_elements 0.99526
published_at 2026-04-12T12:55:00Z
5
value 0.88996
scoring_system epss
scoring_elements 0.99527
published_at 2026-04-13T12:55:00Z
6
value 0.8957
scoring_system epss
scoring_elements 0.99553
published_at 2026-04-02T12:55:00Z
7
value 0.8957
scoring_system epss
scoring_elements 0.99554
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11770
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485@%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485@%3Cdev.spark.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485%40%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485%40%3Cdev.spark.apache.org%3E
5
reference_url https://spark.apache.org/security.html#CVE-2018-11770
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://spark.apache.org/security.html#CVE-2018-11770
6
reference_url https://web.archive.org/web/20200227114942/http://www.securityfocus.com/bid/105097
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227114942/http://www.securityfocus.com/bid/105097
7
reference_url http://www.securityfocus.com/bid/105097
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/105097
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1615652
reference_id 1615652
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1615652
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11770
reference_id CVE-2018-11770
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11770
10
reference_url https://github.com/advisories/GHSA-w4r4-65mg-45x2
reference_id GHSA-w4r4-65mg-45x2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w4r4-65mg-45x2
fixed_packages
0
url pkg:maven/org.apache.spark/spark-core_2.10@2.2.3
purl pkg:maven/org.apache.spark/spark-core_2.10@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gtx-thb1-9ud6
1
vulnerability VCID-as3y-ffvw-rube
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.2.3
aliases CVE-2018-11770, GHSA-w4r4-65mg-45x2
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pa42-1gk4-9yhj
4
url VCID-pgne-36yk-37bj
vulnerability_id VCID-pgne-36yk-37bj
summary 
Information Exposure
In Apache Spark it is possible for a malicious user to construct a URL pointing to a Spark cluster UI job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the user view of the Spark UI. While some browsers like recent versions of Chrome and Safari are able to block this type of attack, current versions of Firefox (and possibly others) do not.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8024
reference_id
reference_type
scores
0
value 0.5025
scoring_system epss
scoring_elements 0.9783
published_at 2026-04-09T12:55:00Z
1
value 0.5025
scoring_system epss
scoring_elements 0.97842
published_at 2026-04-16T12:55:00Z
2
value 0.5025
scoring_system epss
scoring_elements 0.97835
published_at 2026-04-12T12:55:00Z
3
value 0.5025
scoring_system epss
scoring_elements 0.97812
published_at 2026-04-01T12:55:00Z
4
value 0.5025
scoring_system epss
scoring_elements 0.97833
published_at 2026-04-11T12:55:00Z
5
value 0.5025
scoring_system epss
scoring_elements 0.97818
published_at 2026-04-02T12:55:00Z
6
value 0.5025
scoring_system epss
scoring_elements 0.9782
published_at 2026-04-04T12:55:00Z
7
value 0.5025
scoring_system epss
scoring_elements 0.97823
published_at 2026-04-07T12:55:00Z
8
value 0.5025
scoring_system epss
scoring_elements 0.97827
published_at 2026-04-08T12:55:00Z
9
value 0.5025
scoring_system epss
scoring_elements 0.97836
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8024
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://lists.apache.org/thread.html/5f241d2cda21cbcb3b63e46e474cf5f50cce66927f08399f4fab0aba@%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/5f241d2cda21cbcb3b63e46e474cf5f50cce66927f08399f4fab0aba@%3Cdev.spark.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/5f241d2cda21cbcb3b63e46e474cf5f50cce66927f08399f4fab0aba%40%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5f241d2cda21cbcb3b63e46e474cf5f50cce66927f08399f4fab0aba%40%3Cdev.spark.apache.org%3E
4
reference_url https://spark.apache.org/security.html#CVE-2018-8024
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://spark.apache.org/security.html#CVE-2018-8024
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:2.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.3.0:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8024
reference_id CVE-2018-8024
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:N
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8024
9
reference_url https://github.com/advisories/GHSA-8cw6-5qvp-q3wj
reference_id GHSA-8cw6-5qvp-q3wj
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8cw6-5qvp-q3wj
fixed_packages
0
url pkg:maven/org.apache.spark/spark-core_2.10@2.1.3
purl pkg:maven/org.apache.spark/spark-core_2.10@2.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-adht-u2kn-j3hh
1
vulnerability VCID-as3y-ffvw-rube
2
vulnerability VCID-m3tv-j5mk-4ufj
3
vulnerability VCID-pa42-1gk4-9yhj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.1.3
1
url pkg:maven/org.apache.spark/spark-core_2.10@2.2.2
purl pkg:maven/org.apache.spark/spark-core_2.10@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-as3y-ffvw-rube
1
vulnerability VCID-pa42-1gk4-9yhj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.2.2
aliases CVE-2018-8024, GHSA-8cw6-5qvp-q3wj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pgne-36yk-37bj
5
url VCID-y6p4-rd9t-cqad
vulnerability_id VCID-y6p4-rd9t-cqad
summary In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1334
reference_id
reference_type
scores
0
value 0.00098
scoring_system epss
scoring_elements 0.27086
published_at 2026-04-08T12:55:00Z
1
value 0.00098
scoring_system epss
scoring_elements 0.27044
published_at 2026-04-16T12:55:00Z
2
value 0.00098
scoring_system epss
scoring_elements 0.27035
published_at 2026-04-13T12:55:00Z
3
value 0.00098
scoring_system epss
scoring_elements 0.27093
published_at 2026-04-12T12:55:00Z
4
value 0.00098
scoring_system epss
scoring_elements 0.27136
published_at 2026-04-11T12:55:00Z
5
value 0.00098
scoring_system epss
scoring_elements 0.27132
published_at 2026-04-09T12:55:00Z
6
value 0.00098
scoring_system epss
scoring_elements 0.27148
published_at 2026-04-01T12:55:00Z
7
value 0.00098
scoring_system epss
scoring_elements 0.27188
published_at 2026-04-02T12:55:00Z
8
value 0.00098
scoring_system epss
scoring_elements 0.27225
published_at 2026-04-04T12:55:00Z
9
value 0.00098
scoring_system epss
scoring_elements 0.27018
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1334
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2018-25.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2018-25.yaml
3
reference_url https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060@%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060@%3Cdev.spark.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060%40%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060%40%3Cdev.spark.apache.org%3E
5
reference_url https://spark.apache.org/security.html#CVE-2018-1334
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://spark.apache.org/security.html#CVE-2018-1334
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:2.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.3.0:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1334
reference_id CVE-2018-1334
reference_type
scores
0
value 1.9
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:N/I:P/A:N
1
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
3
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1334
9
reference_url https://github.com/advisories/GHSA-6mqq-8r44-vmjc
reference_id GHSA-6mqq-8r44-vmjc
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6mqq-8r44-vmjc
fixed_packages
0
url pkg:maven/org.apache.spark/spark-core_2.10@2.1.3
purl pkg:maven/org.apache.spark/spark-core_2.10@2.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-adht-u2kn-j3hh
1
vulnerability VCID-as3y-ffvw-rube
2
vulnerability VCID-m3tv-j5mk-4ufj
3
vulnerability VCID-pa42-1gk4-9yhj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.1.3
1
url pkg:maven/org.apache.spark/spark-core_2.10@2.2.2
purl pkg:maven/org.apache.spark/spark-core_2.10@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-as3y-ffvw-rube
1
vulnerability VCID-pa42-1gk4-9yhj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.2.2
aliases CVE-2018-1334, GHSA-6mqq-8r44-vmjc, PYSEC-2018-25
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y6p4-rd9t-cqad
Fixing_vulnerabilities
0
url VCID-6he5-ksrc-8kck
vulnerability_id VCID-6he5-ksrc-8kck
summary In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12612
reference_id
reference_type
scores
0
value 0.00144
scoring_system epss
scoring_elements 0.34763
published_at 2026-04-16T12:55:00Z
1
value 0.00144
scoring_system epss
scoring_elements 0.346
published_at 2026-04-01T12:55:00Z
2
value 0.00144
scoring_system epss
scoring_elements 0.34814
published_at 2026-04-02T12:55:00Z
3
value 0.00144
scoring_system epss
scoring_elements 0.34841
published_at 2026-04-04T12:55:00Z
4
value 0.00144
scoring_system epss
scoring_elements 0.34716
published_at 2026-04-07T12:55:00Z
5
value 0.00144
scoring_system epss
scoring_elements 0.3476
published_at 2026-04-08T12:55:00Z
6
value 0.00144
scoring_system epss
scoring_elements 0.34788
published_at 2026-04-09T12:55:00Z
7
value 0.00144
scoring_system epss
scoring_elements 0.34793
published_at 2026-04-11T12:55:00Z
8
value 0.00144
scoring_system epss
scoring_elements 0.34754
published_at 2026-04-12T12:55:00Z
9
value 0.00144
scoring_system epss
scoring_elements 0.34729
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12612
1
reference_url https://github.com/apache/spark/commit/0b25a7d93359e348e11b2e8698990a53436b3c5
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/0b25a7d93359e348e11b2e8698990a53436b3c5
2
reference_url https://github.com/apache/spark/commit/4cba3b5a350f4d477466fc73b32cbd653eee840
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/4cba3b5a350f4d477466fc73b32cbd653eee840
3
reference_url https://github.com/apache/spark/commit/772a9b969aa179150aa216e9efd950e512e9d0b4
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/772a9b969aa179150aa216e9efd950e512e9d0b4
4
reference_url https://github.com/apache/spark/commit/8efc6e986554ae66eab93cd64a9035d716adbab
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/8efc6e986554ae66eab93cd64a9035d716adbab
5
reference_url https://github.com/apache/spark/commit/9952b53b57498852cba799b47f00238e52114c7c
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/9952b53b57498852cba799b47f00238e52114c7c
6
reference_url https://github.com/apache/spark/commit/f7cbf90a72a19476ea2d3d1ddc96c45a24b9f57
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/f7cbf90a72a19476ea2d3d1ddc96c45a24b9f57
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2017-147.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2017-147.yaml
8
reference_url https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E
9
reference_url http://www.securityfocus.com/bid/100823
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url http://www.securityfocus.com/bid/100823
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:1.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.0:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:1.6.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.1:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:1.6.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.2:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:1.6.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.3:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.0:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.1:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.2:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.1.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.1.1:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12612
reference_id CVE-2017-12612
reference_type
scores
0
value 7.2
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:C/I:C/A:C
1
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12612
20
reference_url https://github.com/advisories/GHSA-8rhc-48pp-52gr
reference_id GHSA-8rhc-48pp-52gr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8rhc-48pp-52gr
fixed_packages
0
url pkg:maven/org.apache.spark/spark-core_2.10@2.1.2
purl pkg:maven/org.apache.spark/spark-core_2.10@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-adht-u2kn-j3hh
1
vulnerability VCID-as3y-ffvw-rube
2
vulnerability VCID-m3tv-j5mk-4ufj
3
vulnerability VCID-pa42-1gk4-9yhj
4
vulnerability VCID-pgne-36yk-37bj
5
vulnerability VCID-y6p4-rd9t-cqad
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.1.2
aliases CVE-2017-12612, GHSA-8rhc-48pp-52gr, PYSEC-2017-147
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6he5-ksrc-8kck
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.1.2