Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6he5-ksrc-8kck

Summary In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later.

Aliases

alias	CVE-2017-12612

alias	GHSA-8rhc-48pp-52gr

alias	PYSEC-2017-147

Fixed_packages

url pkg:maven/org.apache.spark/spark-core_2.10@2.1.2

purl pkg:maven/org.apache.spark/spark-core_2.10@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-pgne-36yk-37bj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.1.2

url pkg:maven/org.apache.spark/spark-core_2.11@2.1.2

purl pkg:maven/org.apache.spark/spark-core_2.11@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-pgne-36yk-37bj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.1.2

url pkg:pypi/pyspark@2.1.2

purl pkg:pypi/pyspark@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-h81x-x7wm-fqgx

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-tytb-xy56-kffn

vulnerability	VCID-v1xx-eddq-aqcu

vulnerability	VCID-vqmm-ru8x-ukcx

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.2

Affected_packages

url pkg:maven/org.apache.spark/spark-core_2.10@0.9.0-incubating

purl pkg:maven/org.apache.spark/spark-core_2.10@0.9.0-incubating

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@0.9.0-incubating

url pkg:maven/org.apache.spark/spark-core_2.10@0.9.1

purl pkg:maven/org.apache.spark/spark-core_2.10@0.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@0.9.1

url pkg:maven/org.apache.spark/spark-core_2.10@0.9.2

purl pkg:maven/org.apache.spark/spark-core_2.10@0.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@0.9.2

url pkg:maven/org.apache.spark/spark-core_2.10@1.0.0

purl pkg:maven/org.apache.spark/spark-core_2.10@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.0.0

url pkg:maven/org.apache.spark/spark-core_2.10@1.0.1

purl pkg:maven/org.apache.spark/spark-core_2.10@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.0.1

url pkg:maven/org.apache.spark/spark-core_2.10@1.0.2

purl pkg:maven/org.apache.spark/spark-core_2.10@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.0.2

url pkg:maven/org.apache.spark/spark-core_2.10@1.1.0

purl pkg:maven/org.apache.spark/spark-core_2.10@1.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.1.0

url pkg:maven/org.apache.spark/spark-core_2.10@1.1.1

purl pkg:maven/org.apache.spark/spark-core_2.10@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.1.1

url pkg:maven/org.apache.spark/spark-core_2.10@1.2.0

purl pkg:maven/org.apache.spark/spark-core_2.10@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.2.0

url pkg:maven/org.apache.spark/spark-core_2.10@1.2.1

purl pkg:maven/org.apache.spark/spark-core_2.10@1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.2.1

url pkg:maven/org.apache.spark/spark-core_2.10@1.2.2

purl pkg:maven/org.apache.spark/spark-core_2.10@1.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.2.2

url pkg:maven/org.apache.spark/spark-core_2.10@1.3.0

purl pkg:maven/org.apache.spark/spark-core_2.10@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.3.0

url pkg:maven/org.apache.spark/spark-core_2.10@1.3.1

purl pkg:maven/org.apache.spark/spark-core_2.10@1.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.3.1

url pkg:maven/org.apache.spark/spark-core_2.10@1.4.0

purl pkg:maven/org.apache.spark/spark-core_2.10@1.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.4.0

url pkg:maven/org.apache.spark/spark-core_2.10@1.4.1

purl pkg:maven/org.apache.spark/spark-core_2.10@1.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.4.1

url pkg:maven/org.apache.spark/spark-core_2.10@1.5.0

purl pkg:maven/org.apache.spark/spark-core_2.10@1.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.5.0

url pkg:maven/org.apache.spark/spark-core_2.10@1.5.1

purl pkg:maven/org.apache.spark/spark-core_2.10@1.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.5.1

url pkg:maven/org.apache.spark/spark-core_2.10@1.5.2

purl pkg:maven/org.apache.spark/spark-core_2.10@1.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.5.2

url pkg:maven/org.apache.spark/spark-core_2.10@1.6.0

purl pkg:maven/org.apache.spark/spark-core_2.10@1.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.6.0

url pkg:maven/org.apache.spark/spark-core_2.10@1.6.1

purl pkg:maven/org.apache.spark/spark-core_2.10@1.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.6.1

url pkg:maven/org.apache.spark/spark-core_2.10@1.6.2

purl pkg:maven/org.apache.spark/spark-core_2.10@1.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.6.2

url pkg:maven/org.apache.spark/spark-core_2.10@1.6.3

purl pkg:maven/org.apache.spark/spark-core_2.10@1.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.6.3

url pkg:maven/org.apache.spark/spark-core_2.10@2.0.0

purl pkg:maven/org.apache.spark/spark-core_2.10@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.0.0

url pkg:maven/org.apache.spark/spark-core_2.10@2.0.0-preview

purl pkg:maven/org.apache.spark/spark-core_2.10@2.0.0-preview

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.0.0-preview

url pkg:maven/org.apache.spark/spark-core_2.10@2.0.1

purl pkg:maven/org.apache.spark/spark-core_2.10@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.0.1

url pkg:maven/org.apache.spark/spark-core_2.10@2.0.2

purl pkg:maven/org.apache.spark/spark-core_2.10@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.0.2

url pkg:maven/org.apache.spark/spark-core_2.10@2.1.0

purl pkg:maven/org.apache.spark/spark-core_2.10@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-pgne-36yk-37bj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.1.0

url pkg:maven/org.apache.spark/spark-core_2.10@2.1.1

purl pkg:maven/org.apache.spark/spark-core_2.10@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-pgne-36yk-37bj

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.1.1

url pkg:maven/org.apache.spark/spark-core_2.11@1.2.0

purl pkg:maven/org.apache.spark/spark-core_2.11@1.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.2.0

url pkg:maven/org.apache.spark/spark-core_2.11@1.2.1

purl pkg:maven/org.apache.spark/spark-core_2.11@1.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.2.1

url pkg:maven/org.apache.spark/spark-core_2.11@1.2.2

purl pkg:maven/org.apache.spark/spark-core_2.11@1.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.2.2

url pkg:maven/org.apache.spark/spark-core_2.11@1.3.0

purl pkg:maven/org.apache.spark/spark-core_2.11@1.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.3.0

url pkg:maven/org.apache.spark/spark-core_2.11@1.3.1

purl pkg:maven/org.apache.spark/spark-core_2.11@1.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.3.1

url pkg:maven/org.apache.spark/spark-core_2.11@1.4.0

purl pkg:maven/org.apache.spark/spark-core_2.11@1.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.4.0

url pkg:maven/org.apache.spark/spark-core_2.11@1.4.1

purl pkg:maven/org.apache.spark/spark-core_2.11@1.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.4.1

url pkg:maven/org.apache.spark/spark-core_2.11@1.5.0

purl pkg:maven/org.apache.spark/spark-core_2.11@1.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.5.0

url pkg:maven/org.apache.spark/spark-core_2.11@1.5.1

purl pkg:maven/org.apache.spark/spark-core_2.11@1.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.5.1

url pkg:maven/org.apache.spark/spark-core_2.11@1.5.2

purl pkg:maven/org.apache.spark/spark-core_2.11@1.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.5.2

url pkg:maven/org.apache.spark/spark-core_2.11@1.6.0

purl pkg:maven/org.apache.spark/spark-core_2.11@1.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.6.0

url pkg:maven/org.apache.spark/spark-core_2.11@1.6.1

purl pkg:maven/org.apache.spark/spark-core_2.11@1.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.6.1

url pkg:maven/org.apache.spark/spark-core_2.11@1.6.2

purl pkg:maven/org.apache.spark/spark-core_2.11@1.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.6.2

url pkg:maven/org.apache.spark/spark-core_2.11@1.6.3

purl pkg:maven/org.apache.spark/spark-core_2.11@1.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.6.3

url pkg:maven/org.apache.spark/spark-core_2.11@2.0.0

purl pkg:maven/org.apache.spark/spark-core_2.11@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.0.0

url pkg:maven/org.apache.spark/spark-core_2.11@2.0.0-preview

purl pkg:maven/org.apache.spark/spark-core_2.11@2.0.0-preview

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.0.0-preview

url pkg:maven/org.apache.spark/spark-core_2.11@2.0.1

purl pkg:maven/org.apache.spark/spark-core_2.11@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.0.1

url pkg:maven/org.apache.spark/spark-core_2.11@2.0.2

purl pkg:maven/org.apache.spark/spark-core_2.11@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.0.2

url pkg:maven/org.apache.spark/spark-core_2.11@2.1.0

purl pkg:maven/org.apache.spark/spark-core_2.11@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-pgne-36yk-37bj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.1.0

url pkg:maven/org.apache.spark/spark-core_2.11@2.1.1

purl pkg:maven/org.apache.spark/spark-core_2.11@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-adht-u2kn-j3hh

vulnerability	VCID-as3y-ffvw-rube

vulnerability	VCID-m3tv-j5mk-4ufj

vulnerability	VCID-pa42-1gk4-9yhj

vulnerability	VCID-pgne-36yk-37bj

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.1.1

url pkg:pypi/pyspark@2.1.1

purl pkg:pypi/pyspark@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-h81x-x7wm-fqgx

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-tytb-xy56-kffn

vulnerability	VCID-v1xx-eddq-aqcu

vulnerability	VCID-vqmm-ru8x-ukcx

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12612

reference_id

reference_type

scores

value	0.00144
scoring_system	epss
scoring_elements	0.34841
published_at	2026-04-04T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34748
published_at	2026-04-18T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34763
published_at	2026-04-16T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34729
published_at	2026-04-13T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34754
published_at	2026-04-12T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.346
published_at	2026-04-01T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.3476
published_at	2026-04-08T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34716
published_at	2026-04-07T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34814
published_at	2026-04-02T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34793
published_at	2026-04-11T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34788
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12612

reference_url	https://github.com/apache/spark/commit/0b25a7d93359e348e11b2e8698990a53436b3c5
reference_id
reference_type
scores
url	https://github.com/apache/spark/commit/0b25a7d93359e348e11b2e8698990a53436b3c5

reference_url	https://github.com/apache/spark/commit/4cba3b5a350f4d477466fc73b32cbd653eee840
reference_id
reference_type
scores
url	https://github.com/apache/spark/commit/4cba3b5a350f4d477466fc73b32cbd653eee840

reference_url	https://github.com/apache/spark/commit/772a9b969aa179150aa216e9efd950e512e9d0b4
reference_id
reference_type
scores
url	https://github.com/apache/spark/commit/772a9b969aa179150aa216e9efd950e512e9d0b4

reference_url	https://github.com/apache/spark/commit/8efc6e986554ae66eab93cd64a9035d716adbab
reference_id
reference_type
scores
url	https://github.com/apache/spark/commit/8efc6e986554ae66eab93cd64a9035d716adbab

reference_url	https://github.com/apache/spark/commit/9952b53b57498852cba799b47f00238e52114c7c
reference_id
reference_type
scores
url	https://github.com/apache/spark/commit/9952b53b57498852cba799b47f00238e52114c7c

reference_url	https://github.com/apache/spark/commit/f7cbf90a72a19476ea2d3d1ddc96c45a24b9f57
reference_id
reference_type
scores
url	https://github.com/apache/spark/commit/f7cbf90a72a19476ea2d3d1ddc96c45a24b9f57

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2017-147.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2017-147.yaml

reference_url

https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E

reference_url

http://www.securityfocus.com/bid/100823

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

http://www.securityfocus.com/bid/100823

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.0:::::::*
reference_id	cpe:2.3:a:apache:spark:1.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.1:::::::*
reference_id	cpe:2.3:a:apache:spark:1.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.2:::::::*
reference_id	cpe:2.3:a:apache:spark:1.6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.3:::::::*
reference_id	cpe:2.3:a:apache:spark:1.6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:1.6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:spark:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.1:::::::*
reference_id	cpe:2.3:a:apache:spark:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:spark:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.1.0:::::::*
reference_id	cpe:2.3:a:apache:spark:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.1.1:::::::*
reference_id	cpe:2.3:a:apache:spark:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:spark:2.1.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12612

reference_id

CVE-2017-12612

reference_type

scores

value	7.2
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:C/I:C/A:C

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12612

reference_url

https://github.com/advisories/GHSA-8rhc-48pp-52gr

reference_id

GHSA-8rhc-48pp-52gr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8rhc-48pp-52gr

Weaknesses

cwe_id	502
name	Deserialization of Untrusted Data
description	The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6he5-ksrc-8kck

Vulnerability Instance