Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.spark/spark-core_2.11@1.3.0
Typemaven
Namespaceorg.apache.spark
Namespark-core_2.11
Version1.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-4r6t-jf6t-hkfu
vulnerability_id VCID-4r6t-jf6t-hkfu
summary 
Improper Authentication
In all versions of Apache Spark, the standalone resource manager accepts code to execute on a `master` host, that then runs that code on `worker` hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17190
reference_id
reference_type
scores
0
value 0.0121
scoring_system epss
scoring_elements 0.79312
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17190
1
reference_url https://lists.apache.org/thread.html/341c3187f15cdb0d353261d2bfecf2324d56cb7db1339bfc7b30f6e5@%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/341c3187f15cdb0d353261d2bfecf2324d56cb7db1339bfc7b30f6e5@%3Cdev.spark.apache.org%3E
2
reference_url https://security.gentoo.org/glsa/201903-21
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201903-21
3
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
4
reference_url http://www.securityfocus.com/bid/105976
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105976
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17190
reference_id CVE-2018-17190
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17190
6
reference_url https://github.com/advisories/GHSA-phg2-9c5g-m4q7
reference_id GHSA-phg2-9c5g-m4q7
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-phg2-9c5g-m4q7
fixed_packages
aliases CVE-2018-17190, GHSA-phg2-9c5g-m4q7
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4r6t-jf6t-hkfu
1
url VCID-8fxy-5cvh-vfag
vulnerability_id VCID-8fxy-5cvh-vfag
summary 
Improper Authentication
Apache Spark standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property `spark.authenticate.secret` establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11770.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11770.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11770
reference_id
reference_type
scores
0
value 0.88996
scoring_system epss
scoring_elements 0.99543
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11770
2
reference_url https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485@%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485@%3Cdev.spark.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485%40%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485%40%3Cdev.spark.apache.org%3E
4
reference_url https://spark.apache.org/security.html#CVE-2018-11770
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://spark.apache.org/security.html#CVE-2018-11770
5
reference_url https://web.archive.org/web/20200227114942/http://www.securityfocus.com/bid/105097
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227114942/http://www.securityfocus.com/bid/105097
6
reference_url http://www.securityfocus.com/bid/105097
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/105097
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1615652
reference_id 1615652
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1615652
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11770
reference_id CVE-2018-11770
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11770
9
reference_url https://github.com/advisories/GHSA-w4r4-65mg-45x2
reference_id GHSA-w4r4-65mg-45x2
reference_type
scores
url https://github.com/advisories/GHSA-w4r4-65mg-45x2
fixed_packages
0
url pkg:maven/org.apache.spark/spark-core_2.11@2.3.3
purl pkg:maven/org.apache.spark/spark-core_2.11@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r6t-jf6t-hkfu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.3.3
aliases CVE-2018-11770, GHSA-w4r4-65mg-45x2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8fxy-5cvh-vfag
2
url VCID-hwy7-n4uz-ffa1
vulnerability_id VCID-hwy7-n4uz-ffa1
summary 
Cross-site Scripting
It is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs.
references
0
reference_url http://apache-spark-developers-list.1001551.n3.nabble.com/CVE-2017-7678-Apache-Spark-XSS-web-UI-MHTML-vulnerability-td21947.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://apache-spark-developers-list.1001551.n3.nabble.com/CVE-2017-7678-Apache-Spark-XSS-web-UI-MHTML-vulnerability-td21947.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7678
reference_id
reference_type
scores
0
value 0.01421
scoring_system epss
scoring_elements 0.80941
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7678
2
reference_url http://www.securityfocus.com/bid/99603
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99603
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7678
reference_id CVE-2017-7678
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7678
4
reference_url https://github.com/advisories/GHSA-r34r-f84j-5x4x
reference_id GHSA-r34r-f84j-5x4x
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r34r-f84j-5x4x
fixed_packages
0
url pkg:maven/org.apache.spark/spark-core_2.11@2.1.2
purl pkg:maven/org.apache.spark/spark-core_2.11@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r6t-jf6t-hkfu
1
vulnerability VCID-8fxy-5cvh-vfag
2
vulnerability VCID-hx6d-5966-dbgx
3
vulnerability VCID-ntyz-qt6e-vqf3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.1.2
1
url pkg:maven/org.apache.spark/spark-core_2.11@2.2.0
purl pkg:maven/org.apache.spark/spark-core_2.11@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r6t-jf6t-hkfu
1
vulnerability VCID-8fxy-5cvh-vfag
2
vulnerability VCID-hx6d-5966-dbgx
3
vulnerability VCID-ntyz-qt6e-vqf3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.2.0
aliases CVE-2017-7678, GHSA-r34r-f84j-5x4x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwy7-n4uz-ffa1
3
url VCID-k96c-fsnj-sfbq
vulnerability_id VCID-k96c-fsnj-sfbq
summary 
Improper Input Validation
The Apache Spark Maven-based build includes a convenience script, `build/mvn`, that downloads and runs a zinc server to speed up compilation. It has been included in release branches since, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11804
reference_id
reference_type
scores
0
value 0.00646
scoring_system epss
scoring_elements 0.71111
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11804
1
reference_url https://github.com/apache/spark
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/spark
2
reference_url https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d@%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d@%3Cdev.spark.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d%40%3Cdev.spark.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d%40%3Cdev.spark.apache.org%3E
4
reference_url https://spark.apache.org/security.html#CVE-2018-11804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://spark.apache.org/security.html#CVE-2018-11804
5
reference_url https://web.archive.org/web/20200227103903/http://www.securityfocus.com/bid/105756
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227103903/http://www.securityfocus.com/bid/105756
6
reference_url http://www.securityfocus.com/bid/105756
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/105756
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11804
reference_id CVE-2018-11804
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11804
8
reference_url https://github.com/advisories/GHSA-62g2-m955-v383
reference_id GHSA-62g2-m955-v383
reference_type
scores
url https://github.com/advisories/GHSA-62g2-m955-v383
fixed_packages
aliases CVE-2018-11804, GHSA-62g2-m955-v383
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k96c-fsnj-sfbq
4
url VCID-ntyz-qt6e-vqf3
vulnerability_id VCID-ntyz-qt6e-vqf3
summary Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10099
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52112
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10099
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2019-114.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2019-114.yaml
2
reference_url https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e@%3Cuser.spark.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e@%3Cuser.spark.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae@%3Ccommits.spark.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae@%3Ccommits.spark.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2@%3Cissues.spark.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2@%3Cissues.spark.apache.org%3E
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10099
reference_id CVE-2019-10099
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10099
6
reference_url https://github.com/advisories/GHSA-fp5j-3fpf-mhj5
reference_id GHSA-fp5j-3fpf-mhj5
reference_type
scores
url https://github.com/advisories/GHSA-fp5j-3fpf-mhj5
fixed_packages
0
url pkg:maven/org.apache.spark/spark-core_2.11@2.3.3
purl pkg:maven/org.apache.spark/spark-core_2.11@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r6t-jf6t-hkfu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.3.3
aliases CVE-2019-10099, GHSA-fp5j-3fpf-mhj5, PYSEC-2019-114
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ntyz-qt6e-vqf3
5
url VCID-zn7m-yme5-zufa
vulnerability_id VCID-zn7m-yme5-zufa
summary In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12612
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20563
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12612
1
reference_url https://github.com/apache/spark/commit/0b25a7d93359e348e11b2e8698990a53436b3c5
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/0b25a7d93359e348e11b2e8698990a53436b3c5
2
reference_url https://github.com/apache/spark/commit/4cba3b5a350f4d477466fc73b32cbd653eee840
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/4cba3b5a350f4d477466fc73b32cbd653eee840
3
reference_url https://github.com/apache/spark/commit/772a9b969aa179150aa216e9efd950e512e9d0b4
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/772a9b969aa179150aa216e9efd950e512e9d0b4
4
reference_url https://github.com/apache/spark/commit/8efc6e986554ae66eab93cd64a9035d716adbab
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/8efc6e986554ae66eab93cd64a9035d716adbab
5
reference_url https://github.com/apache/spark/commit/9952b53b57498852cba799b47f00238e52114c7c
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/9952b53b57498852cba799b47f00238e52114c7c
6
reference_url https://github.com/apache/spark/commit/f7cbf90a72a19476ea2d3d1ddc96c45a24b9f57
reference_id
reference_type
scores
url https://github.com/apache/spark/commit/f7cbf90a72a19476ea2d3d1ddc96c45a24b9f57
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2017-147.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2017-147.yaml
8
reference_url https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E
9
reference_url http://www.securityfocus.com/bid/100823
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url http://www.securityfocus.com/bid/100823
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12612
reference_id CVE-2017-12612
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12612
11
reference_url https://github.com/advisories/GHSA-8rhc-48pp-52gr
reference_id GHSA-8rhc-48pp-52gr
reference_type
scores
url https://github.com/advisories/GHSA-8rhc-48pp-52gr
fixed_packages
0
url pkg:maven/org.apache.spark/spark-core_2.11@2.1.2
purl pkg:maven/org.apache.spark/spark-core_2.11@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4r6t-jf6t-hkfu
1
vulnerability VCID-8fxy-5cvh-vfag
2
vulnerability VCID-hx6d-5966-dbgx
3
vulnerability VCID-ntyz-qt6e-vqf3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.1.2
aliases CVE-2017-12612, GHSA-8rhc-48pp-52gr, PYSEC-2017-147
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zn7m-yme5-zufa
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.3.0