Package details: pkg:maven/org.apache.spark/spark-core@2.3.2
purl pkg:maven/org.apache.spark/spark-core@2.3.2
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-h81x-x7wm-fqgx | When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1. | CVE-2018-11760, GHSA-fvxv-9xxr-h7wj, PYSEC-2019-169 |
| VCID-vqmm-ru8x-ukcx | Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs. | CVE-2019-10099, GHSA-fp5j-3fpf-mhj5, PYSEC-2019-114 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-04-02T12:35:59.485020+00:00 | GitLab Importer | Fixing | VCID-vqmm-ru8x-ukcx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core/CVE-2019-10099.yml | 38.0.0 |
| 2026-04-01T12:48:16.959552+00:00 | GitLab Importer | Fixing | VCID-h81x-x7wm-fqgx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core/CVE-2018-11760.yml | 38.0.0 |