| purl | pkg:maven/org.apache.spark/spark-core@1.3.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-m3tv-j5mk-4ufj (Aliases: CVE-2018-11804, GHSA-62g2-m955-v383) | Improper Input Validation. The Apache Spark Maven-based build includes a convenience script, `build/mvn`, that downloads and runs a zinc server to speed up compilation. It has been included in release branches since, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build. | There are no reported fixed by versions. |
| VCID-pa42-1gk4-9yhj (Aliases: CVE-2018-11770, GHSA-w4r4-65mg-45x2) | Improper Authentication. Apache Spark standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property `spark.authenticate.secret` establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:48:07.236841+00:00 | GitLab Importer | Affected by | VCID-m3tv-j5mk-4ufj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core/CVE-2018-11804.yml | 38.0.0 |
| 2026-04-01T12:47:55.668672+00:00 | GitLab Importer | Affected by | VCID-pa42-1gk4-9yhj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core/CVE-2018-11770.yml | 38.0.0 |