Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pyspark@2.1.1
Typepypi
Namespace
Namepyspark
Version2.1.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.4.0
Latest_non_vulnerable_version3.4.0
Affected_by_vulnerabilities
0
url VCID-1hnx-b71k-mqat
vulnerability_id VCID-1hnx-b71k-mqat
summary 
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This affects architectures relying on proxy-user, for example those using Apache Livy to manage submitted applications.

Update to Apache Spark 3.4.0 or later, and ensure that 
spark.submit.proxyUser.allowCustomClasspathInClusterMode is set to its 
default of "false", and is not overridden by submitted applications.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22946
reference_id
reference_type
scores
0
value 0.00368
scoring_system epss
scoring_elements 0.58672
published_at 2026-04-07T12:55:00Z
1
value 0.00368
scoring_system epss
scoring_elements 0.58748
published_at 2026-04-18T12:55:00Z
2
value 0.00368
scoring_system epss
scoring_elements 0.58744
published_at 2026-04-16T12:55:00Z
3
value 0.00368
scoring_system epss
scoring_elements 0.58711
published_at 2026-04-13T12:55:00Z
4
value 0.00368
scoring_system epss
scoring_elements 0.58749
published_at 2026-04-11T12:55:00Z
5
value 0.00368
scoring_system epss
scoring_elements 0.58684
published_at 2026-04-02T12:55:00Z
6
value 0.00368
scoring_system epss
scoring_elements 0.5873
published_at 2026-04-12T12:55:00Z
7
value 0.00368
scoring_system epss
scoring_elements 0.58724
published_at 2026-04-08T12:55:00Z
8
value 0.00368
scoring_system epss
scoring_elements 0.58705
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22946
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/apache/spark
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/spark
3
reference_url https://github.com/apache/spark/commit/909da96e1471886a01a9e1def93630c4fd40e74a
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/spark/commit/909da96e1471886a01a9e1def93630c4fd40e74a
4
reference_url https://github.com/apache/spark/pull/39474
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/spark/pull/39474
5
reference_url https://github.com/apache/spark/pull/41428
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/spark/pull/41428
6
reference_url https://github.com/degant/spark/commit/bfba57724d2520e0fcaa7990f7257c21d11cd75a
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/degant/spark/commit/bfba57724d2520e0fcaa7990f7257c21d11cd75a
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2023-44.yaml
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2023-44.yaml
8
reference_url https://issues.apache.org/jira/browse/SPARK-41958
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/SPARK-41958
9
reference_url https://lists.apache.org/thread/yllfl25xh5tbotjmg93zrq4bzwhqc0gv
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T15:06:49Z/
url https://lists.apache.org/thread/yllfl25xh5tbotjmg93zrq4bzwhqc0gv
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22946
reference_id CVE-2023-22946
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22946
11
reference_url https://github.com/advisories/GHSA-329j-jfvr-rhr6
reference_id GHSA-329j-jfvr-rhr6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-329j-jfvr-rhr6
fixed_packages
0
url pkg:pypi/pyspark@3.3.2
purl pkg:pypi/pyspark@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.3.2
1
url pkg:pypi/pyspark@3.4.0
purl pkg:pypi/pyspark@3.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.4.0
aliases BIT-spark-2023-22946, CVE-2023-22946, GHSA-329j-jfvr-rhr6, PYSEC-2023-44
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1hnx-b71k-mqat
1
url VCID-21dx-vph5-yuhe
vulnerability_id VCID-21dx-vph5-yuhe
summary In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9480.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9480.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9480
reference_id
reference_type
scores
0
value 0.90279
scoring_system epss
scoring_elements 0.99595
published_at 2026-04-02T12:55:00Z
1
value 0.90555
scoring_system epss
scoring_elements 0.99614
published_at 2026-04-16T12:55:00Z
2
value 0.90555
scoring_system epss
scoring_elements 0.99611
published_at 2026-04-07T12:55:00Z
3
value 0.90555
scoring_system epss
scoring_elements 0.9961
published_at 2026-04-04T12:55:00Z
4
value 0.90555
scoring_system epss
scoring_elements 0.99612
published_at 2026-04-13T12:55:00Z
5
value 0.90555
scoring_system epss
scoring_elements 0.99613
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9480
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2020-95.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2020-95.yaml
3
reference_url https://lists.apache.org/thread.html/r03ad9fe7c07d6039fba9f2152d345274473cb0af3d8a4794a6645f4b@%3Cuser.spark.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r03ad9fe7c07d6039fba9f2152d345274473cb0af3d8a4794a6645f4b@%3Cuser.spark.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/ra0e62a18ad080c4ce6df5e0202a27eaada75222761efc3f7238b5a3b@%3Ccommits.doris.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra0e62a18ad080c4ce6df5e0202a27eaada75222761efc3f7238b5a3b@%3Ccommits.doris.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rb3956440747e41940d552d377d50b144b60085e7ff727adb0e575d8d@%3Ccommits.submarine.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb3956440747e41940d552d377d50b144b60085e7ff727adb0e575d8d@%3Ccommits.submarine.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/ree9e87aae81852330290a478692e36ea6db47a52a694545c7d66e3e2@%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ree9e87aae81852330290a478692e36ea6db47a52a694545c7d66e3e2@%3Cdev.spark.apache.org%3E
7
reference_url https://spark.apache.org/security.html#CVE-2020-9480
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://spark.apache.org/security.html#CVE-2020-9480
8
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1887887
reference_id 1887887
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1887887
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9480
reference_id CVE-2020-9480
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9480
11
reference_url https://github.com/advisories/GHSA-wgx7-jwwm-cgjv
reference_id GHSA-wgx7-jwwm-cgjv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wgx7-jwwm-cgjv
fixed_packages
0
url pkg:pypi/pyspark@2.4.6
purl pkg:pypi/pyspark@2.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
1
vulnerability VCID-5uaa-p1dd-3yb3
2
vulnerability VCID-aehs-6sa9-a3es
3
vulnerability VCID-hfnr-s2a7-bkbv
4
vulnerability VCID-v1xx-eddq-aqcu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.6
aliases BIT-spark-2020-9480, CVE-2020-9480, GHSA-wgx7-jwwm-cgjv, PYSEC-2020-95
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-21dx-vph5-yuhe
2
url VCID-5uaa-p1dd-3yb3
vulnerability_id VCID-5uaa-p1dd-3yb3
summary 
** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This issue was disclosed earlier as CVE-2022-33891, but incorrectly claimed version 3.1.3 (which has since gone EOL) would not be affected.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Users are recommended to upgrade to a supported version of Apache Spark, such as version 3.4.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32007
reference_id
reference_type
scores
0
value 0.92167
scoring_system epss
scoring_elements 0.99707
published_at 2026-04-02T12:55:00Z
1
value 0.92167
scoring_system epss
scoring_elements 0.99711
published_at 2026-04-13T12:55:00Z
2
value 0.92167
scoring_system epss
scoring_elements 0.9971
published_at 2026-04-09T12:55:00Z
3
value 0.92167
scoring_system epss
scoring_elements 0.99708
published_at 2026-04-04T12:55:00Z
4
value 0.92167
scoring_system epss
scoring_elements 0.99712
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32007
1
reference_url https://github.com/apache/spark
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/spark
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2023-72.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2023-72.yaml
3
reference_url https://lists.apache.org/thread/poxgnxhhnzz735kr1wos366l5vdbb0nv
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T18:07:28Z/
url https://lists.apache.org/thread/poxgnxhhnzz735kr1wos366l5vdbb0nv
4
reference_url https://spark.apache.org/security.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T18:07:28Z/
url https://spark.apache.org/security.html
5
reference_url https://www.cve.org/CVERecord?id=CVE-2022-33891
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T18:07:28Z/
url https://www.cve.org/CVERecord?id=CVE-2022-33891
6
reference_url https://www.openwall.com/lists/oss-security/2023/05/02/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/05/02/1
7
reference_url http://www.openwall.com/lists/oss-security/2023/05/02/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-15T18:07:28Z/
url http://www.openwall.com/lists/oss-security/2023/05/02/1
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32007
reference_id CVE-2023-32007
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32007
9
reference_url https://github.com/advisories/GHSA-59hw-j9g6-mfg3
reference_id GHSA-59hw-j9g6-mfg3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59hw-j9g6-mfg3
fixed_packages
0
url pkg:pypi/pyspark@3.1.1
purl pkg:pypi/pyspark@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
1
vulnerability VCID-5uaa-p1dd-3yb3
2
vulnerability VCID-aehs-6sa9-a3es
3
vulnerability VCID-hfnr-s2a7-bkbv
4
vulnerability VCID-uuju-ey95-tyfq
5
vulnerability VCID-v1xx-eddq-aqcu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.1.1
1
url pkg:pypi/pyspark@3.2.0
purl pkg:pypi/pyspark@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
1
vulnerability VCID-5uaa-p1dd-3yb3
2
vulnerability VCID-hfnr-s2a7-bkbv
3
vulnerability VCID-v1xx-eddq-aqcu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.2.0
2
url pkg:pypi/pyspark@3.2.2
purl pkg:pypi/pyspark@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.2.2
aliases BIT-spark-2023-32007, CVE-2023-32007, GHSA-59hw-j9g6-mfg3, PYSEC-2023-72
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5uaa-p1dd-3yb3
3
url VCID-6he5-ksrc-8kck
vulnerability_id VCID-6he5-ksrc-8kck
summary In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12612
reference_id
reference_type
scores
0
value 0.00144
scoring_system epss
scoring_elements 0.34841
published_at 2026-04-04T12:55:00Z
1
value 0.00144
scoring_system epss
scoring_elements 0.34748
published_at 2026-04-18T12:55:00Z
2
value 0.00144
scoring_system epss
scoring_elements 0.34763
published_at 2026-04-16T12:55:00Z
3
value 0.00144
scoring_system epss
scoring_elements 0.34729
published_at 2026-04-13T12:55:00Z
4
value 0.00144
scoring_system epss
scoring_elements 0.34754
published_at 2026-04-12T12:55:00Z
5
value 0.00144
scoring_system epss
scoring_elements 0.346
published_at 2026-04-01T12:55:00Z
6
value 0.00144
scoring_system epss
scoring_elements 0.3476
published_at 2026-04-08T12:55:00Z
7
value 0.00144
scoring_system epss
scoring_elements 0.34716
published_at 2026-04-07T12:55:00Z
8
value 0.00144
scoring_system epss
scoring_elements 0.34814
published_at 2026-04-02T12:55:00Z
9
value 0.00144
scoring_system epss
scoring_elements 0.34793
published_at 2026-04-11T12:55:00Z
10
value 0.00144
scoring_system epss
scoring_elements 0.34788
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12612
1
reference_url https://github.com/apache/spark/commit/0b25a7d93359e348e11b2e8698990a53436b3c5
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/0b25a7d93359e348e11b2e8698990a53436b3c5
2
reference_url https://github.com/apache/spark/commit/4cba3b5a350f4d477466fc73b32cbd653eee840
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/4cba3b5a350f4d477466fc73b32cbd653eee840
3
reference_url https://github.com/apache/spark/commit/772a9b969aa179150aa216e9efd950e512e9d0b4
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/772a9b969aa179150aa216e9efd950e512e9d0b4
4
reference_url https://github.com/apache/spark/commit/8efc6e986554ae66eab93cd64a9035d716adbab
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/8efc6e986554ae66eab93cd64a9035d716adbab
5
reference_url https://github.com/apache/spark/commit/9952b53b57498852cba799b47f00238e52114c7c
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/9952b53b57498852cba799b47f00238e52114c7c
6
reference_url https://github.com/apache/spark/commit/f7cbf90a72a19476ea2d3d1ddc96c45a24b9f57
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/f7cbf90a72a19476ea2d3d1ddc96c45a24b9f57
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2017-147.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2017-147.yaml
8
reference_url https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E
9
reference_url http://www.securityfocus.com/bid/100823
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url http://www.securityfocus.com/bid/100823
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:1.6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.0:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:1.6.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.1:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:1.6.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.2:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:1.6.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.3:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:2.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.0:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:2.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.1:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:2.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.2:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:2.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.1.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:2.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.1.1:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12612
reference_id CVE-2017-12612
reference_type
scores
0
value 7.2
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:C/I:C/A:C
1
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12612
20
reference_url https://github.com/advisories/GHSA-8rhc-48pp-52gr
reference_id GHSA-8rhc-48pp-52gr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8rhc-48pp-52gr
fixed_packages
0
url pkg:pypi/pyspark@2.1.2
purl pkg:pypi/pyspark@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
1
vulnerability VCID-21dx-vph5-yuhe
2
vulnerability VCID-5uaa-p1dd-3yb3
3
vulnerability VCID-aehs-6sa9-a3es
4
vulnerability VCID-h81x-x7wm-fqgx
5
vulnerability VCID-hfnr-s2a7-bkbv
6
vulnerability VCID-tytb-xy56-kffn
7
vulnerability VCID-v1xx-eddq-aqcu
8
vulnerability VCID-vqmm-ru8x-ukcx
9
vulnerability VCID-y6p4-rd9t-cqad
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.2
aliases CVE-2017-12612, GHSA-8rhc-48pp-52gr, PYSEC-2017-147
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6he5-ksrc-8kck
4
url VCID-aehs-6sa9-a3es
vulnerability_id VCID-aehs-6sa9-a3es
summary Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or later
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38296
reference_id
reference_type
scores
0
value 0.00854
scoring_system epss
scoring_elements 0.74935
published_at 2026-04-08T12:55:00Z
1
value 0.00854
scoring_system epss
scoring_elements 0.74983
published_at 2026-04-18T12:55:00Z
2
value 0.00854
scoring_system epss
scoring_elements 0.74976
published_at 2026-04-16T12:55:00Z
3
value 0.00854
scoring_system epss
scoring_elements 0.74939
published_at 2026-04-13T12:55:00Z
4
value 0.00854
scoring_system epss
scoring_elements 0.74948
published_at 2026-04-12T12:55:00Z
5
value 0.00854
scoring_system epss
scoring_elements 0.7497
published_at 2026-04-11T12:55:00Z
6
value 0.00854
scoring_system epss
scoring_elements 0.74947
published_at 2026-04-09T12:55:00Z
7
value 0.00854
scoring_system epss
scoring_elements 0.74898
published_at 2026-04-01T12:55:00Z
8
value 0.00854
scoring_system epss
scoring_elements 0.74899
published_at 2026-04-02T12:55:00Z
9
value 0.00854
scoring_system epss
scoring_elements 0.74928
published_at 2026-04-04T12:55:00Z
10
value 0.00854
scoring_system epss
scoring_elements 0.74901
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38296
1
reference_url https://github.com/advisories/GHSA-9rr6-jpg7-9jg6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9rr6-jpg7-9jg6
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2022-186.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2022-186.yaml
3
reference_url https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smd
4
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38296
reference_id CVE-2021-38296
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38296
fixed_packages
0
url pkg:pypi/pyspark@3.1.3
purl pkg:pypi/pyspark@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
1
vulnerability VCID-5uaa-p1dd-3yb3
2
vulnerability VCID-hfnr-s2a7-bkbv
3
vulnerability VCID-v1xx-eddq-aqcu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.1.3
aliases BIT-spark-2021-38296, CVE-2021-38296, GHSA-9rr6-jpg7-9jg6, PYSEC-2022-186
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aehs-6sa9-a3es
5
url VCID-h81x-x7wm-fqgx
vulnerability_id VCID-h81x-x7wm-fqgx
summary When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11760.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11760.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11760
reference_id
reference_type
scores
0
value 0.00471
scoring_system epss
scoring_elements 0.6467
published_at 2026-04-18T12:55:00Z
1
value 0.00471
scoring_system epss
scoring_elements 0.64659
published_at 2026-04-16T12:55:00Z
2
value 0.00471
scoring_system epss
scoring_elements 0.64623
published_at 2026-04-13T12:55:00Z
3
value 0.00471
scoring_system epss
scoring_elements 0.64651
published_at 2026-04-12T12:55:00Z
4
value 0.00471
scoring_system epss
scoring_elements 0.64664
published_at 2026-04-11T12:55:00Z
5
value 0.00471
scoring_system epss
scoring_elements 0.64647
published_at 2026-04-09T12:55:00Z
6
value 0.00471
scoring_system epss
scoring_elements 0.64631
published_at 2026-04-08T12:55:00Z
7
value 0.00471
scoring_system epss
scoring_elements 0.64582
published_at 2026-04-07T12:55:00Z
8
value 0.00471
scoring_system epss
scoring_elements 0.64624
published_at 2026-04-04T12:55:00Z
9
value 0.00471
scoring_system epss
scoring_elements 0.64595
published_at 2026-04-02T12:55:00Z
10
value 0.00471
scoring_system epss
scoring_elements 0.64542
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11760
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/advisories/GHSA-fvxv-9xxr-h7wj
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fvxv-9xxr-h7wj
4
reference_url https://github.com/apache/spark
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/spark
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2019-169.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2019-169.yaml
6
reference_url https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e@%3Ccommits.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e@%3Ccommits.spark.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e%40%3Ccommits.spark.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e%40%3Ccommits.spark.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b@%3Cuser.spark.apache.org%3E
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b@%3Cuser.spark.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b%40%3Cuser.spark.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b%40%3Cuser.spark.apache.org%3E
10
reference_url https://web.archive.org/web/20200227091119/http://www.securityfocus.com/bid/106786
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227091119/http://www.securityfocus.com/bid/106786
11
reference_url https://web.archive.org/web/20200925111106/https://issues.apache.org/jira/browse/SPARK-26802
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200925111106/https://issues.apache.org/jira/browse/SPARK-26802
12
reference_url http://www.securityfocus.com/bid/106786
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106786
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1672596
reference_id 1672596
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1672596
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11760
reference_id CVE-2018-11760
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:N/I:P/A:N
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
3
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11760
fixed_packages
0
url pkg:pypi/pyspark@2.2.3
purl pkg:pypi/pyspark@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
1
vulnerability VCID-21dx-vph5-yuhe
2
vulnerability VCID-5uaa-p1dd-3yb3
3
vulnerability VCID-aehs-6sa9-a3es
4
vulnerability VCID-hfnr-s2a7-bkbv
5
vulnerability VCID-tytb-xy56-kffn
6
vulnerability VCID-v1xx-eddq-aqcu
7
vulnerability VCID-vqmm-ru8x-ukcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.3
1
url pkg:pypi/pyspark@2.3.2
purl pkg:pypi/pyspark@2.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
1
vulnerability VCID-21dx-vph5-yuhe
2
vulnerability VCID-5uaa-p1dd-3yb3
3
vulnerability VCID-aehs-6sa9-a3es
4
vulnerability VCID-hfnr-s2a7-bkbv
5
vulnerability VCID-tytb-xy56-kffn
6
vulnerability VCID-v1xx-eddq-aqcu
7
vulnerability VCID-vqmm-ru8x-ukcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.2
aliases CVE-2018-11760, GHSA-fvxv-9xxr-h7wj, PYSEC-2019-169
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h81x-x7wm-fqgx
6
url VCID-hfnr-s2a7-bkbv
vulnerability_id VCID-hfnr-s2a7-bkbv
summary The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
references
0
reference_url http://packetstormsecurity.com/files/168309/Apache-Spark-Unauthenticated-Command-Injection.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T14:13:50Z/
url http://packetstormsecurity.com/files/168309/Apache-Spark-Unauthenticated-Command-Injection.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33891.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33891.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-33891
reference_id
reference_type
scores
0
value 0.93513
scoring_system epss
scoring_elements 0.99827
published_at 2026-04-18T12:55:00Z
1
value 0.93513
scoring_system epss
scoring_elements 0.99826
published_at 2026-04-13T12:55:00Z
2
value 0.93513
scoring_system epss
scoring_elements 0.99825
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-33891
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-4x9r-j582-cgr8
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4x9r-j582-cgr8
5
reference_url https://github.com/apache/spark
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/spark
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2022-236.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2022-236.yaml
7
reference_url https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T14:13:50Z/
url https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-33891
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-33891
9
reference_url https://packetstormsecurity.com/files/168309/Apache-Spark-Unauthenticated-Command-Injection.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://packetstormsecurity.com/files/168309/Apache-Spark-Unauthenticated-Command-Injection.html
10
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-33891
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-33891
11
reference_url https://www.openwall.com/lists/oss-security/2023/05/02/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/05/02/1
12
reference_url http://www.openwall.com/lists/oss-security/2023/05/02/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T14:13:50Z/
url http://www.openwall.com/lists/oss-security/2023/05/02/1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2174263
reference_id 2174263
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2174263
fixed_packages
0
url pkg:pypi/pyspark@3.1.1
purl pkg:pypi/pyspark@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
1
vulnerability VCID-5uaa-p1dd-3yb3
2
vulnerability VCID-aehs-6sa9-a3es
3
vulnerability VCID-hfnr-s2a7-bkbv
4
vulnerability VCID-uuju-ey95-tyfq
5
vulnerability VCID-v1xx-eddq-aqcu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.1.1
1
url pkg:pypi/pyspark@3.1.3
purl pkg:pypi/pyspark@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
1
vulnerability VCID-5uaa-p1dd-3yb3
2
vulnerability VCID-hfnr-s2a7-bkbv
3
vulnerability VCID-v1xx-eddq-aqcu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.1.3
2
url pkg:pypi/pyspark@3.2.2
purl pkg:pypi/pyspark@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.2.2
aliases BIT-spark-2022-33891, CVE-2022-33891, GHSA-4x9r-j582-cgr8, PYSEC-2022-236
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hfnr-s2a7-bkbv
7
url VCID-tytb-xy56-kffn
vulnerability_id VCID-tytb-xy56-kffn
summary Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.
references
0
reference_url https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e@%3Cuser.spark.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e@%3Cuser.spark.apache.org%3E
1
reference_url https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae@%3Ccommits.spark.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae@%3Ccommits.spark.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2@%3Cissues.spark.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2@%3Cissues.spark.apache.org%3E
fixed_packages
0
url pkg:pypi/pyspark@2.3.3
purl pkg:pypi/pyspark@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
1
vulnerability VCID-21dx-vph5-yuhe
2
vulnerability VCID-5uaa-p1dd-3yb3
3
vulnerability VCID-aehs-6sa9-a3es
4
vulnerability VCID-hfnr-s2a7-bkbv
5
vulnerability VCID-v1xx-eddq-aqcu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.3
aliases PYSEC-2019-44
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tytb-xy56-kffn
8
url VCID-v1xx-eddq-aqcu
vulnerability_id VCID-v1xx-eddq-aqcu
summary A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31777.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31777.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31777
reference_id
reference_type
scores
0
value 0.00126
scoring_system epss
scoring_elements 0.31998
published_at 2026-04-09T12:55:00Z
1
value 0.00126
scoring_system epss
scoring_elements 0.31969
published_at 2026-04-08T12:55:00Z
2
value 0.00126
scoring_system epss
scoring_elements 0.31918
published_at 2026-04-07T12:55:00Z
3
value 0.00126
scoring_system epss
scoring_elements 0.32095
published_at 2026-04-04T12:55:00Z
4
value 0.00126
scoring_system epss
scoring_elements 0.32055
published_at 2026-04-02T12:55:00Z
5
value 0.00143
scoring_system epss
scoring_elements 0.34646
published_at 2026-04-16T12:55:00Z
6
value 0.00143
scoring_system epss
scoring_elements 0.34608
published_at 2026-04-13T12:55:00Z
7
value 0.00143
scoring_system epss
scoring_elements 0.34632
published_at 2026-04-18T12:55:00Z
8
value 0.00143
scoring_system epss
scoring_elements 0.34671
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31777
2
reference_url https://github.com/apache/spark
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/spark
3
reference_url https://github.com/apache/spark/commit/ad90195de56688ce0898691eb9d04297ab0871ad
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/spark/commit/ad90195de56688ce0898691eb9d04297ab0871ad
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2022-42976.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2022-42976.yaml
5
reference_url https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-06T03:36:06Z/
url https://lists.apache.org/thread/60mgbswq2lsmrxykfxpqq13ztkm2ht6q
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31777
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31777
7
reference_url https://web.archive.org/web/20220728105026/https://issues.apache.org/jira/browse/SPARK-39505
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20220728105026/https://issues.apache.org/jira/browse/SPARK-39505
8
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/14
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-06T03:36:06Z/
url http://www.openwall.com/lists/oss-security/2022/11/01/14
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2145264
reference_id 2145264
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2145264
10
reference_url https://github.com/advisories/GHSA-43xg-8wmj-cw8h
reference_id GHSA-43xg-8wmj-cw8h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43xg-8wmj-cw8h
11
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
fixed_packages
0
url pkg:pypi/pyspark@3.2.2
purl pkg:pypi/pyspark@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.2.2
1
url pkg:pypi/pyspark@3.3.1
purl pkg:pypi/pyspark@3.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.3.1
aliases BIT-spark-2022-31777, CVE-2022-31777, GHSA-43xg-8wmj-cw8h, PYSEC-2022-42976
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v1xx-eddq-aqcu
9
url VCID-vqmm-ru8x-ukcx
vulnerability_id VCID-vqmm-ru8x-ukcx
summary Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10099
reference_id
reference_type
scores
0
value 0.00542
scoring_system epss
scoring_elements 0.67723
published_at 2026-04-12T12:55:00Z
1
value 0.00542
scoring_system epss
scoring_elements 0.67739
published_at 2026-04-18T12:55:00Z
2
value 0.00542
scoring_system epss
scoring_elements 0.67725
published_at 2026-04-16T12:55:00Z
3
value 0.00542
scoring_system epss
scoring_elements 0.6769
published_at 2026-04-13T12:55:00Z
4
value 0.00542
scoring_system epss
scoring_elements 0.67612
published_at 2026-04-01T12:55:00Z
5
value 0.00542
scoring_system epss
scoring_elements 0.67648
published_at 2026-04-02T12:55:00Z
6
value 0.00542
scoring_system epss
scoring_elements 0.67669
published_at 2026-04-04T12:55:00Z
7
value 0.00542
scoring_system epss
scoring_elements 0.67649
published_at 2026-04-07T12:55:00Z
8
value 0.00542
scoring_system epss
scoring_elements 0.677
published_at 2026-04-08T12:55:00Z
9
value 0.00542
scoring_system epss
scoring_elements 0.67714
published_at 2026-04-09T12:55:00Z
10
value 0.00542
scoring_system epss
scoring_elements 0.67738
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10099
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2019-114.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2019-114.yaml
3
reference_url https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e@%3Cuser.spark.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e@%3Cuser.spark.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae@%3Ccommits.spark.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae@%3Ccommits.spark.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2@%3Cissues.spark.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2@%3Cissues.spark.apache.org%3E
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10099
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10099
7
reference_url https://github.com/advisories/GHSA-fp5j-3fpf-mhj5
reference_id GHSA-fp5j-3fpf-mhj5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fp5j-3fpf-mhj5
fixed_packages
0
url pkg:pypi/pyspark@2.3.3
purl pkg:pypi/pyspark@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
1
vulnerability VCID-21dx-vph5-yuhe
2
vulnerability VCID-5uaa-p1dd-3yb3
3
vulnerability VCID-aehs-6sa9-a3es
4
vulnerability VCID-hfnr-s2a7-bkbv
5
vulnerability VCID-v1xx-eddq-aqcu
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.3
aliases CVE-2019-10099, GHSA-fp5j-3fpf-mhj5, PYSEC-2019-114
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqmm-ru8x-ukcx
10
url VCID-y6p4-rd9t-cqad
vulnerability_id VCID-y6p4-rd9t-cqad
summary In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1334
reference_id
reference_type
scores
0
value 0.00098
scoring_system epss
scoring_elements 0.27148
published_at 2026-04-01T12:55:00Z
1
value 0.00098
scoring_system epss
scoring_elements 0.27019
published_at 2026-04-18T12:55:00Z
2
value 0.00098
scoring_system epss
scoring_elements 0.27044
published_at 2026-04-16T12:55:00Z
3
value 0.00098
scoring_system epss
scoring_elements 0.27225
published_at 2026-04-04T12:55:00Z
4
value 0.00098
scoring_system epss
scoring_elements 0.27188
published_at 2026-04-02T12:55:00Z
5
value 0.00098
scoring_system epss
scoring_elements 0.27035
published_at 2026-04-13T12:55:00Z
6
value 0.00098
scoring_system epss
scoring_elements 0.27093
published_at 2026-04-12T12:55:00Z
7
value 0.00098
scoring_system epss
scoring_elements 0.27136
published_at 2026-04-11T12:55:00Z
8
value 0.00098
scoring_system epss
scoring_elements 0.27132
published_at 2026-04-09T12:55:00Z
9
value 0.00098
scoring_system epss
scoring_elements 0.27086
published_at 2026-04-08T12:55:00Z
10
value 0.00098
scoring_system epss
scoring_elements 0.27018
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1334
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2018-25.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2018-25.yaml
3
reference_url https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060@%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060@%3Cdev.spark.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060%40%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/4d6d210e319a501b740293daaeeeadb51927111fb8261a3e4cd60060%40%3Cdev.spark.apache.org%3E
5
reference_url https://spark.apache.org/security.html#CVE-2018-1334
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://spark.apache.org/security.html#CVE-2018-1334
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:spark:2.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.3.0:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1334
reference_id CVE-2018-1334
reference_type
scores
0
value 1.9
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:N/I:P/A:N
1
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
3
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1334
9
reference_url https://github.com/advisories/GHSA-6mqq-8r44-vmjc
reference_id GHSA-6mqq-8r44-vmjc
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6mqq-8r44-vmjc
fixed_packages
0
url pkg:pypi/pyspark@2.1.3
purl pkg:pypi/pyspark@2.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
1
vulnerability VCID-21dx-vph5-yuhe
2
vulnerability VCID-5uaa-p1dd-3yb3
3
vulnerability VCID-aehs-6sa9-a3es
4
vulnerability VCID-h81x-x7wm-fqgx
5
vulnerability VCID-hfnr-s2a7-bkbv
6
vulnerability VCID-tytb-xy56-kffn
7
vulnerability VCID-v1xx-eddq-aqcu
8
vulnerability VCID-vqmm-ru8x-ukcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.3
1
url pkg:pypi/pyspark@2.2.2
purl pkg:pypi/pyspark@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hnx-b71k-mqat
1
vulnerability VCID-21dx-vph5-yuhe
2
vulnerability VCID-5uaa-p1dd-3yb3
3
vulnerability VCID-aehs-6sa9-a3es
4
vulnerability VCID-h81x-x7wm-fqgx
5
vulnerability VCID-hfnr-s2a7-bkbv
6
vulnerability VCID-tytb-xy56-kffn
7
vulnerability VCID-v1xx-eddq-aqcu
8
vulnerability VCID-vqmm-ru8x-ukcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.2
aliases CVE-2018-1334, GHSA-6mqq-8r44-vmjc, PYSEC-2018-25
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y6p4-rd9t-cqad
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.1