Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-hfnr-s2a7-bkbv

Summary The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.

Aliases

alias	BIT-spark-2022-33891

alias	CVE-2022-33891

alias	GHSA-4x9r-j582-cgr8

alias	PYSEC-2022-236

Fixed_packages

url	pkg:maven/org.apache.spark/spark-parent_2.12@3.1.0
purl	pkg:maven/org.apache.spark/spark-parent_2.12@3.1.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@3.1.0

url	pkg:maven/org.apache.spark/spark-parent_2.12@3.2.2
purl	pkg:maven/org.apache.spark/spark-parent_2.12@3.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@3.2.2

url pkg:pypi/pyspark@3.1.1

purl pkg:pypi/pyspark@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.1.1

url pkg:pypi/pyspark@3.1.3

purl pkg:pypi/pyspark@3.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.1.3

url pkg:pypi/pyspark@3.2.2

purl pkg:pypi/pyspark@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.2.2

Affected_packages

url pkg:maven/org.apache.spark/spark-core@3.0.3

purl pkg:maven/org.apache.spark/spark-core@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-nyxu-ekhs-gyb5

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core@3.0.3

url pkg:maven/org.apache.spark/spark-core@3.1.1

purl pkg:maven/org.apache.spark/spark-core@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-uuju-ey95-tyfq

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core@3.1.1

url pkg:maven/org.apache.spark/spark-core@3.1.2

purl pkg:maven/org.apache.spark/spark-core@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core@3.1.2

url pkg:maven/org.apache.spark/spark-core@3.2.0

purl pkg:maven/org.apache.spark/spark-core@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core@3.2.0

url pkg:maven/org.apache.spark/spark-core@3.2.1

purl pkg:maven/org.apache.spark/spark-core@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core@3.2.1

url pkg:maven/org.apache.spark/spark-parent_2.12@2.4.0

purl pkg:maven/org.apache.spark/spark-parent_2.12@2.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@2.4.0

url pkg:maven/org.apache.spark/spark-parent_2.12@2.4.1

purl pkg:maven/org.apache.spark/spark-parent_2.12@2.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@2.4.1

url pkg:maven/org.apache.spark/spark-parent_2.12@2.4.2

purl pkg:maven/org.apache.spark/spark-parent_2.12@2.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@2.4.2

url pkg:maven/org.apache.spark/spark-parent_2.12@2.4.3

purl pkg:maven/org.apache.spark/spark-parent_2.12@2.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@2.4.3

url pkg:maven/org.apache.spark/spark-parent_2.12@2.4.4

purl pkg:maven/org.apache.spark/spark-parent_2.12@2.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@2.4.4

url pkg:maven/org.apache.spark/spark-parent_2.12@2.4.5

purl pkg:maven/org.apache.spark/spark-parent_2.12@2.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@2.4.5

url pkg:maven/org.apache.spark/spark-parent_2.12@2.4.6

purl pkg:maven/org.apache.spark/spark-parent_2.12@2.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@2.4.6

url pkg:maven/org.apache.spark/spark-parent_2.12@2.4.7

purl pkg:maven/org.apache.spark/spark-parent_2.12@2.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@2.4.7

url pkg:maven/org.apache.spark/spark-parent_2.12@2.4.8

purl pkg:maven/org.apache.spark/spark-parent_2.12@2.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@2.4.8

url pkg:maven/org.apache.spark/spark-parent_2.12@3.0.0

purl pkg:maven/org.apache.spark/spark-parent_2.12@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@3.0.0

url pkg:maven/org.apache.spark/spark-parent_2.12@3.0.0-preview

purl pkg:maven/org.apache.spark/spark-parent_2.12@3.0.0-preview

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@3.0.0-preview

url pkg:maven/org.apache.spark/spark-parent_2.12@3.0.0-preview2

purl pkg:maven/org.apache.spark/spark-parent_2.12@3.0.0-preview2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@3.0.0-preview2

url pkg:maven/org.apache.spark/spark-parent_2.12@3.0.1

purl pkg:maven/org.apache.spark/spark-parent_2.12@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@3.0.1

url pkg:maven/org.apache.spark/spark-parent_2.12@3.0.2

purl pkg:maven/org.apache.spark/spark-parent_2.12@3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@3.0.2

url pkg:maven/org.apache.spark/spark-parent_2.12@3.0.3

purl pkg:maven/org.apache.spark/spark-parent_2.12@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@3.0.3

url pkg:maven/org.apache.spark/spark-parent_2.12@3.1.1

purl pkg:maven/org.apache.spark/spark-parent_2.12@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@3.1.1

url pkg:maven/org.apache.spark/spark-parent_2.12@3.1.2

purl pkg:maven/org.apache.spark/spark-parent_2.12@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@3.1.2

url pkg:maven/org.apache.spark/spark-parent_2.12@3.1.3

purl pkg:maven/org.apache.spark/spark-parent_2.12@3.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@3.1.3

url pkg:maven/org.apache.spark/spark-parent_2.12@3.2.0

purl pkg:maven/org.apache.spark/spark-parent_2.12@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@3.2.0

url pkg:maven/org.apache.spark/spark-parent_2.12@3.2.1

purl pkg:maven/org.apache.spark/spark-parent_2.12@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-hfnr-s2a7-bkbv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-parent_2.12@3.2.1

url pkg:pypi/pyspark@0

purl pkg:pypi/pyspark@0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-vqmm-ru8x-ukcx

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@0

url pkg:pypi/pyspark@2.1.1

purl pkg:pypi/pyspark@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-6he5-ksrc-8kck

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-h81x-x7wm-fqgx

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-tytb-xy56-kffn

vulnerability	VCID-v1xx-eddq-aqcu

vulnerability	VCID-vqmm-ru8x-ukcx

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.1

url pkg:pypi/pyspark@2.1.2

purl pkg:pypi/pyspark@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-h81x-x7wm-fqgx

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-tytb-xy56-kffn

vulnerability	VCID-v1xx-eddq-aqcu

vulnerability	VCID-vqmm-ru8x-ukcx

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.2

url pkg:pypi/pyspark@2.1.3

purl pkg:pypi/pyspark@2.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-h81x-x7wm-fqgx

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-tytb-xy56-kffn

vulnerability	VCID-v1xx-eddq-aqcu

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.3

url pkg:pypi/pyspark@2.2.0

purl pkg:pypi/pyspark@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-h81x-x7wm-fqgx

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-tytb-xy56-kffn

vulnerability	VCID-v1xx-eddq-aqcu

vulnerability	VCID-vqmm-ru8x-ukcx

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.0

url pkg:pypi/pyspark@2.2.1

purl pkg:pypi/pyspark@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-h81x-x7wm-fqgx

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-tytb-xy56-kffn

vulnerability	VCID-v1xx-eddq-aqcu

vulnerability	VCID-vqmm-ru8x-ukcx

vulnerability	VCID-y6p4-rd9t-cqad

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.1

url pkg:pypi/pyspark@2.2.2

purl pkg:pypi/pyspark@2.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-h81x-x7wm-fqgx

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-tytb-xy56-kffn

vulnerability	VCID-v1xx-eddq-aqcu

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.2

url pkg:pypi/pyspark@2.2.3

purl pkg:pypi/pyspark@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-tytb-xy56-kffn

vulnerability	VCID-v1xx-eddq-aqcu

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.3

url pkg:pypi/pyspark@2.3.0

purl pkg:pypi/pyspark@2.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-h81x-x7wm-fqgx

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-tytb-xy56-kffn

vulnerability	VCID-v1xx-eddq-aqcu

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.0

url pkg:pypi/pyspark@2.3.1

purl pkg:pypi/pyspark@2.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-h81x-x7wm-fqgx

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-tytb-xy56-kffn

vulnerability	VCID-v1xx-eddq-aqcu

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.1

url pkg:pypi/pyspark@2.3.2

purl pkg:pypi/pyspark@2.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-tytb-xy56-kffn

vulnerability	VCID-v1xx-eddq-aqcu

vulnerability	VCID-vqmm-ru8x-ukcx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.2

url pkg:pypi/pyspark@2.3.3

purl pkg:pypi/pyspark@2.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.3

url pkg:pypi/pyspark@2.3.4

purl pkg:pypi/pyspark@2.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.4

url pkg:pypi/pyspark@2.4.0

purl pkg:pypi/pyspark@2.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.0

url pkg:pypi/pyspark@2.4.1

purl pkg:pypi/pyspark@2.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.1

url pkg:pypi/pyspark@2.4.2

purl pkg:pypi/pyspark@2.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.2

url pkg:pypi/pyspark@2.4.3

purl pkg:pypi/pyspark@2.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.3

url pkg:pypi/pyspark@2.4.4

purl pkg:pypi/pyspark@2.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.4

url pkg:pypi/pyspark@2.4.5

purl pkg:pypi/pyspark@2.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-21dx-vph5-yuhe

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.5

url pkg:pypi/pyspark@2.4.6

purl pkg:pypi/pyspark@2.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.6

url pkg:pypi/pyspark@2.4.7

purl pkg:pypi/pyspark@2.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.7

url pkg:pypi/pyspark@2.4.8

purl pkg:pypi/pyspark@2.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.8

url pkg:pypi/pyspark@3.0.0

purl pkg:pypi/pyspark@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.0.0

url pkg:pypi/pyspark@3.0.1

purl pkg:pypi/pyspark@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.0.1

url pkg:pypi/pyspark@3.0.2

purl pkg:pypi/pyspark@3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.0.2

url pkg:pypi/pyspark@3.0.3

purl pkg:pypi/pyspark@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.0.3

url pkg:pypi/pyspark@3.1.1

purl pkg:pypi/pyspark@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-uuju-ey95-tyfq

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.1.1

url pkg:pypi/pyspark@3.1.2

purl pkg:pypi/pyspark@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-aehs-6sa9-a3es

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.1.2

url pkg:pypi/pyspark@3.1.3

purl pkg:pypi/pyspark@3.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.1.3

url pkg:pypi/pyspark@3.2.0

purl pkg:pypi/pyspark@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.2.0

url pkg:pypi/pyspark@3.2.1

purl pkg:pypi/pyspark@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hnx-b71k-mqat

vulnerability	VCID-5uaa-p1dd-3yb3

vulnerability	VCID-hfnr-s2a7-bkbv

vulnerability	VCID-v1xx-eddq-aqcu

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.2.1

References

reference_url

http://packetstormsecurity.com/files/168309/Apache-Spark-Unauthenticated-Command-Injection.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T14:13:50Z/

url

http://packetstormsecurity.com/files/168309/Apache-Spark-Unauthenticated-Command-Injection.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33891.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-33891.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-33891

reference_id

reference_type

scores

value	0.93513
scoring_system	epss
scoring_elements	0.99827
published_at	2026-04-18T12:55:00Z

value	0.93513
scoring_system	epss
scoring_elements	0.99826
published_at	2026-04-13T12:55:00Z

value	0.93513
scoring_system	epss
scoring_elements	0.99825
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-33891

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-4x9r-j582-cgr8

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4x9r-j582-cgr8

reference_url

https://github.com/apache/spark

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/spark

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2022-236.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pyspark/PYSEC-2022-236.yaml

reference_url

https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T14:13:50Z/

url

https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-33891

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-33891

reference_url

https://packetstormsecurity.com/files/168309/Apache-Spark-Unauthenticated-Command-Injection.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://packetstormsecurity.com/files/168309/Apache-Spark-Unauthenticated-Command-Injection.html

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-33891

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-33891

reference_url

https://www.openwall.com/lists/oss-security/2023/05/02/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2023/05/02/1

reference_url

http://www.openwall.com/lists/oss-security/2023/05/02/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:A

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T14:13:50Z/

url

http://www.openwall.com/lists/oss-security/2023/05/02/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2174263
reference_id	2174263
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2174263

Weaknesses

cwe_id	78
name	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description	The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

cwe_id	77
name	Improper Neutralization of Special Elements used in a Command ('Command Injection')
description	The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

date_added	`null`
description	This module exploits an unauthenticated command injection vulnerability in Apache Spark. Successful exploitation results in remote code execution under the context of the Spark application user. The command injection occurs because Spark checks the group membership of the user passed in the ?doAs parameter by using a raw Linux command. It is triggered by a non-default setting called spark.acls.enable. This configuration setting spark.acls.enable should be set true in the Spark configuration to make the application vulnerable for this attack. Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1 are affected by this vulnerability.
required_action	`null`
due_date	`null`
notes	Stability: - crash-safe Reliability: - repeatable-session SideEffects: - ioc-in-logs
known_ransomware_campaign_use	`false`
source_date_published	2022-07-18
exploit_type	`null`
platform	Linux,Unix
source_date_updated	`null`
data_source	Metasploit
source_url	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/apache_spark_rce_cve_2022_33891.rb

date_added	2023-03-07
description	Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.
required_action	Apply updates per vendor instructions.
due_date	2023-03-28
notes	https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc; https://nvd.nist.gov/vuln/detail/CVE-2022-33891
known_ransomware_campaign_use	`false`
source_date_published	`null`
exploit_type	`null`
platform	`null`
source_date_updated	`null`
data_source	KEV
source_url	`null`

Severity_range_score 7.0 - 8.9

Exploitability 2.0

Weighted_severity 8.0

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hfnr-s2a7-bkbv

Vulnerability Instance