VulnerableCode Package Details - pkg:maven/org.apache.spark/spark-core

Search for packages

Vulnerability	Summary	Fixed by
VCID-1hnx-b71k-mqat Aliases: BIT-spark-2023-22946 CVE-2023-22946 GHSA-329j-jfvr-rhr6 PYSEC-2023-44	In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This affects architectures relying on proxy-user, for example those using Apache Livy to manage submitted applications. Update to Apache Spark 3.4.0 or later, and ensure that spark.submit.proxyUser.allowCustomClasspathInClusterMode is set to its default of "false", and is not overridden by submitted applications.	3.3.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1hnx-b71k-mqat
Aliases:
BIT-spark-2023-22946
CVE-2023-22946
GHSA-329j-jfvr-rhr6
PYSEC-2023-44

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This affects architectures relying on proxy-user, for example those using Apache Livy to manage submitted applications. Update to Apache Spark 3.4.0 or later, and ensure that spark.submit.proxyUser.allowCustomClasspathInClusterMode is set to its default of "false", and is not overridden by submitted applications.

3.3.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:27:03.950899+00:00	GitLab Importer	Affected by	VCID-1hnx-b71k-mqat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.13/CVE-2023-22946.yml	38.4.0
2026-04-11T23:45:24.453453+00:00	GitLab Importer	Affected by	VCID-1hnx-b71k-mqat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.13/CVE-2023-22946.yml	38.3.0
2026-04-02T23:49:02.032234+00:00	GitLab Importer	Affected by	VCID-1hnx-b71k-mqat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.13/CVE-2023-22946.yml	38.1.0
2026-04-02T16:59:20.445941+00:00	GHSA Importer	Affected by	VCID-1hnx-b71k-mqat	https://github.com/advisories/GHSA-329j-jfvr-rhr6	38.1.0
2026-04-01T18:12:22.781062+00:00	GitLab Importer	Affected by	VCID-1hnx-b71k-mqat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.13/CVE-2023-22946.yml	38.0.0