Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37133?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37133?format=api", "vulnerability_id": "VCID-713x-tc78-rua3", "summary": "This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0.\n\n\n\nApache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes.\n\nWhen spark.network.crypto.enabled is set to true (it is set to false by default), but spark.network.crypto.cipher is not explicitly configured, Spark defaults to AES in CTR mode (AES/CTR/NoPadding), which provides encryption without authentication.\n\nThis vulnerability allows a man-in-the-middle attacker to modify encrypted RPC traffic undetected by flipping bits in ciphertext, potentially compromising heartbeat messages or application data and affecting the integrity of Spark workflows.\n\n\nTo mitigate this issue, users should either configure spark.network.crypto.cipher to AES/GCM/NoPadding to enable authenticated encryption or\n\nenable SSL encryption by setting spark.ssl.enabled to true, which provides stronger transport security.", "aliases": [ { "alias": "CVE-2025-55039" }, { "alias": "GHSA-6p6v-m64v-jx8q" }, { "alias": "PYSEC-2025-184" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70923?format=api", "purl": "pkg:maven/org.apache.spark/spark-network-common_2.12@3.4.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-network-common_2.12@3.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/70924?format=api", "purl": "pkg:maven/org.apache.spark/spark-network-common_2.12@3.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-network-common_2.12@3.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/70946?format=api", "purl": "pkg:maven/org.apache.spark/spark-network-common_2.13@3.4.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-network-common_2.13@3.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/70945?format=api", "purl": "pkg:maven/org.apache.spark/spark-network-common_2.13@3.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-network-common_2.13@3.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/46381?format=api", "purl": "pkg:pypi/pyspark@3.4.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/46382?format=api", "purl": "pkg:pypi/pyspark@3.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.5.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/70922?format=api", "purl": "pkg:maven/org.apache.spark/spark-network-common_2.12@3.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-network-common_2.12@3.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/10262?format=api", "purl": "pkg:pypi/pyspark@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3gwu-myk4-ufdj" }, { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-mmf5-ctmn-b3ep" }, { "vulnerability": "VCID-ntyz-qt6e-vqf3" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" }, { "vulnerability": "VCID-zn7m-yme5-zufa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10263?format=api", "purl": "pkg:pypi/pyspark@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3gwu-myk4-ufdj" }, { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-mmf5-ctmn-b3ep" }, { "vulnerability": "VCID-ntyz-qt6e-vqf3" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/11625?format=api", "purl": "pkg:pypi/pyspark@2.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-mmf5-ctmn-b3ep" }, { "vulnerability": "VCID-ntyz-qt6e-vqf3" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/11622?format=api", "purl": "pkg:pypi/pyspark@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3gwu-myk4-ufdj" }, { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-mmf5-ctmn-b3ep" }, { "vulnerability": "VCID-ntyz-qt6e-vqf3" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/11623?format=api", "purl": "pkg:pypi/pyspark@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3gwu-myk4-ufdj" }, { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-mmf5-ctmn-b3ep" }, { "vulnerability": "VCID-ntyz-qt6e-vqf3" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/11624?format=api", "purl": "pkg:pypi/pyspark@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-mmf5-ctmn-b3ep" }, { "vulnerability": "VCID-ntyz-qt6e-vqf3" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/12870?format=api", "purl": "pkg:pypi/pyspark@2.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-ntyz-qt6e-vqf3" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/12867?format=api", "purl": "pkg:pypi/pyspark@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-mmf5-ctmn-b3ep" }, { "vulnerability": "VCID-ntyz-qt6e-vqf3" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/12868?format=api", "purl": "pkg:pypi/pyspark@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-mmf5-ctmn-b3ep" }, { "vulnerability": "VCID-ntyz-qt6e-vqf3" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/12869?format=api", "purl": "pkg:pypi/pyspark@2.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-ntyz-qt6e-vqf3" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/13928?format=api", "purl": "pkg:pypi/pyspark@2.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/17706?format=api", "purl": "pkg:pypi/pyspark@2.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/17707?format=api", "purl": "pkg:pypi/pyspark@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/17708?format=api", "purl": "pkg:pypi/pyspark@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17709?format=api", "purl": "pkg:pypi/pyspark@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/17710?format=api", "purl": "pkg:pypi/pyspark@2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/17711?format=api", "purl": "pkg:pypi/pyspark@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/17712?format=api", "purl": "pkg:pypi/pyspark@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rcx-smaw-c3an" }, { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/17713?format=api", "purl": "pkg:pypi/pyspark@2.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/26843?format=api", "purl": "pkg:pypi/pyspark@2.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/26844?format=api", "purl": "pkg:pypi/pyspark@2.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/26845?format=api", "purl": "pkg:pypi/pyspark@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/26846?format=api", "purl": "pkg:pypi/pyspark@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26847?format=api", "purl": "pkg:pypi/pyspark@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/26848?format=api", "purl": "pkg:pypi/pyspark@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/26849?format=api", "purl": "pkg:pypi/pyspark@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/26850?format=api", "purl": "pkg:pypi/pyspark@3.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-dwzq-skka-qkhj" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/26851?format=api", "purl": "pkg:pypi/pyspark@3.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-sr15-sfp8-vkfg" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/28590?format=api", "purl": "pkg:pypi/pyspark@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/28591?format=api", "purl": "pkg:pypi/pyspark@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" }, { "vulnerability": "VCID-pue3-vp1e-xkat" }, { "vulnerability": "VCID-xxtq-3ec6-m7hj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/28592?format=api", "purl": "pkg:pypi/pyspark@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/33280?format=api", "purl": "pkg:pypi/pyspark@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/33281?format=api", "purl": "pkg:pypi/pyspark@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/33282?format=api", "purl": "pkg:pypi/pyspark@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/33283?format=api", "purl": "pkg:pypi/pyspark@3.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33284?format=api", "purl": "pkg:pypi/pyspark@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" }, { "vulnerability": "VCID-adsy-uby8-gkc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/46374?format=api", "purl": "pkg:pypi/pyspark@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/46375?format=api", "purl": "pkg:pypi/pyspark@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/33285?format=api", "purl": "pkg:pypi/pyspark@3.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46376?format=api", "purl": "pkg:pypi/pyspark@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/46377?format=api", "purl": "pkg:pypi/pyspark@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/46378?format=api", "purl": "pkg:pypi/pyspark@3.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/46379?format=api", "purl": "pkg:pypi/pyspark@3.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/46380?format=api", "purl": "pkg:pypi/pyspark@3.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-713x-tc78-rua3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@3.5.1" } ], "references": [ { "reference_url": "https://github.com/apache/spark", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/spark" }, { "reference_url": "https://lists.apache.org/thread/zrgyy9l85nm2c7vk36vr7bkyorg3w4qq", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://lists.apache.org/thread/zrgyy9l85nm2c7vk36vr7bkyorg3w4qq" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/10/14/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2025/10/14/11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55039", "reference_id": "CVE-2025-55039", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55039" }, { "reference_url": "https://github.com/advisories/GHSA-6p6v-m64v-jx8q", "reference_id": "GHSA-6p6v-m64v-jx8q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6p6v-m64v-jx8q" } ], "weaknesses": [ { "cwe_id": 326, "name": "Inadequate Encryption Strength", "description": "The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "6.5 - 6.5", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-713x-tc78-rua3" }