Package details: pkg:maven/org.apache.spark/spark-core_2.13@3.2.2
purl pkg:maven/org.apache.spark/spark-core_2.13@3.2.2
Next non-vulnerable version 3.3.3
Latest non-vulnerable version 4.0.1
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-1hnx-b71k-mqat
Aliases:
BIT-spark-2023-22946
CVE-2023-22946
GHSA-329j-jfvr-rhr6
PYSEC-2023-44
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This affects architectures relying on proxy-user, for example those using Apache Livy to manage submitted applications. Update to Apache Spark 3.4.0 or later, and ensure that spark.submit.proxyUser.allowCustomClasspathInClusterMode is set to its default of "false", and is not overridden by submitted applications.
Fixed by: 3.3.3 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-v1xx-eddq-aqcu
Aliases:
BIT-spark-2022-31777
CVE-2022-31777
GHSA-43xg-8wmj-cw8h
PYSEC-2022-42976
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:27:03.933843+00:00 GitLab Importer Affected by VCID-1hnx-b71k-mqat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.13/CVE-2023-22946.yml 38.4.0
2026-04-16T22:14:38.427952+00:00 GitLab Importer Fixing VCID-v1xx-eddq-aqcu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.13/CVE-2022-31777.yml 38.4.0
2026-04-11T23:45:24.435345+00:00 GitLab Importer Affected by VCID-1hnx-b71k-mqat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.13/CVE-2023-22946.yml 38.3.0
2026-04-11T23:31:38.811293+00:00 GitLab Importer Fixing VCID-v1xx-eddq-aqcu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.13/CVE-2022-31777.yml 38.3.0
2026-04-02T23:49:02.015433+00:00 GitLab Importer Affected by VCID-1hnx-b71k-mqat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.13/CVE-2023-22946.yml 38.1.0
2026-04-02T23:37:02.239604+00:00 GitLab Importer Fixing VCID-v1xx-eddq-aqcu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.13/CVE-2022-31777.yml 38.1.0
2026-04-01T18:12:22.758214+00:00 GitLab Importer Affected by VCID-1hnx-b71k-mqat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.13/CVE-2023-22946.yml 38.0.0
2026-04-01T17:59:13.115758+00:00 GitLab Importer Fixing VCID-v1xx-eddq-aqcu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.13/CVE-2022-31777.yml 38.0.0
2026-04-01T16:03:56.486442+00:00 GHSA Importer Fixing VCID-v1xx-eddq-aqcu https://github.com/advisories/GHSA-43xg-8wmj-cw8h 38.0.0
2026-04-01T13:07:12.336217+00:00 GithubOSV Importer Fixing VCID-v1xx-eddq-aqcu https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-43xg-8wmj-cw8h/GHSA-43xg-8wmj-cw8h.json 38.0.0