Package details: pkg:pypi/pyspark@3.3.1
purl pkg:pypi/pyspark@3.3.1
Next non-vulnerable version 3.4.0
Latest non-vulnerable version 3.4.0
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability: VCID-1hnx-b71k-mqat
Aliases: BIT-spark-2023-22946, CVE-2023-22946, GHSA-329j-jfvr-rhr6, PYSEC-2023-44
Summary: In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This affects architectures relying on proxy-user, for example those using Apache Livy to manage submitted applications. Update to Apache Spark 3.4.0 or later, and ensure that spark.submit.proxyUser.allowCustomClasspathInClusterMode is set to its default of "false", and is not overridden by submitted applications.
Fixed by: 3.3.2 (affected by 1 other vulnerability), 3.4.0 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-v1xx-eddq-aqcu
Summary: A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI.
Aliases: BIT-spark-2022-31777, CVE-2022-31777, GHSA-43xg-8wmj-cw8h, PYSEC-2022-42976

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-04-16T22:27:03.805291+00:00 | GitLab Importer | Affected by | VCID-1hnx-b71k-mqat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyspark/CVE-2023-22946.yml | 38.4.0
2026-04-16T22:14:38.623384+00:00 | GitLab Importer | Fixing | VCID-v1xx-eddq-aqcu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyspark/CVE-2022-31777.yml | 38.4.0
2026-04-11T23:45:24.300169+00:00 | GitLab Importer | Affected by | VCID-1hnx-b71k-mqat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyspark/CVE-2023-22946.yml | 38.3.0
2026-04-11T23:31:39.014575+00:00 | GitLab Importer | Fixing | VCID-v1xx-eddq-aqcu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyspark/CVE-2022-31777.yml | 38.3.0
2026-04-02T23:49:01.892111+00:00 | GitLab Importer | Affected by | VCID-1hnx-b71k-mqat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyspark/CVE-2023-22946.yml | 38.1.0
2026-04-02T23:37:02.433329+00:00 | GitLab Importer | Fixing | VCID-v1xx-eddq-aqcu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyspark/CVE-2022-31777.yml | 38.1.0
2026-04-01T18:12:22.629098+00:00 | GitLab Importer | Affected by | VCID-1hnx-b71k-mqat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyspark/CVE-2023-22946.yml | 38.0.0
2026-04-01T17:59:13.325876+00:00 | GitLab Importer | Fixing | VCID-v1xx-eddq-aqcu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyspark/CVE-2022-31777.yml | 38.0.0
2026-04-01T16:03:56.515864+00:00 | GHSA Importer | Fixing | VCID-v1xx-eddq-aqcu | https://github.com/advisories/GHSA-43xg-8wmj-cw8h | 38.0.0
2026-04-01T15:13:57.467576+00:00 | PyPI Importer | Affected by | VCID-1hnx-b71k-mqat | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.0.0
2026-04-01T13:07:12.313564+00:00 | GithubOSV Importer | Fixing | VCID-v1xx-eddq-aqcu | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-43xg-8wmj-cw8h/GHSA-43xg-8wmj-cw8h.json | 38.0.0
2026-04-01T12:48:13.698543+00:00 | Pypa Importer | Affected by | VCID-1hnx-b71k-mqat | https://github.com/pypa/advisory-database/blob/main/vulns/pyspark/PYSEC-2023-44.yaml | 38.0.0