Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/89876?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89876?format=api", "vulnerability_id": "VCID-tytb-xy56-kffn", "summary": "Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.", "aliases": [ { "alias": "PYSEC-2019-44" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8975?format=api", "purl": "pkg:pypi/pyspark@2.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hnx-b71k-mqat" }, { "vulnerability": "VCID-21dx-vph5-yuhe" }, { "vulnerability": "VCID-5uaa-p1dd-3yb3" }, { "vulnerability": "VCID-aehs-6sa9-a3es" }, { "vulnerability": "VCID-hfnr-s2a7-bkbv" }, { "vulnerability": "VCID-v1xx-eddq-aqcu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5309?format=api", "purl": "pkg:pypi/pyspark@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hnx-b71k-mqat" }, { "vulnerability": "VCID-21dx-vph5-yuhe" }, { "vulnerability": "VCID-5uaa-p1dd-3yb3" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-aehs-6sa9-a3es" }, { "vulnerability": "VCID-h81x-x7wm-fqgx" }, { "vulnerability": "VCID-hfnr-s2a7-bkbv" }, { "vulnerability": "VCID-tytb-xy56-kffn" }, { "vulnerability": "VCID-v1xx-eddq-aqcu" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/5310?format=api", "purl": "pkg:pypi/pyspark@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hnx-b71k-mqat" }, { "vulnerability": "VCID-21dx-vph5-yuhe" }, { "vulnerability": "VCID-5uaa-p1dd-3yb3" }, { "vulnerability": "VCID-aehs-6sa9-a3es" }, { "vulnerability": "VCID-h81x-x7wm-fqgx" }, { "vulnerability": "VCID-hfnr-s2a7-bkbv" }, { "vulnerability": "VCID-tytb-xy56-kffn" }, { "vulnerability": "VCID-v1xx-eddq-aqcu" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/6672?format=api", "purl": "pkg:pypi/pyspark@2.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hnx-b71k-mqat" }, { "vulnerability": "VCID-21dx-vph5-yuhe" }, { "vulnerability": "VCID-5uaa-p1dd-3yb3" }, { "vulnerability": "VCID-aehs-6sa9-a3es" }, { "vulnerability": "VCID-h81x-x7wm-fqgx" }, { "vulnerability": "VCID-hfnr-s2a7-bkbv" }, { "vulnerability": "VCID-tytb-xy56-kffn" }, { "vulnerability": "VCID-v1xx-eddq-aqcu" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/6669?format=api", "purl": "pkg:pypi/pyspark@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hnx-b71k-mqat" }, { "vulnerability": "VCID-21dx-vph5-yuhe" }, { "vulnerability": "VCID-5uaa-p1dd-3yb3" }, { "vulnerability": "VCID-aehs-6sa9-a3es" }, { "vulnerability": "VCID-h81x-x7wm-fqgx" }, { "vulnerability": "VCID-hfnr-s2a7-bkbv" }, { "vulnerability": "VCID-tytb-xy56-kffn" }, { "vulnerability": "VCID-v1xx-eddq-aqcu" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/6670?format=api", "purl": "pkg:pypi/pyspark@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hnx-b71k-mqat" }, { "vulnerability": "VCID-21dx-vph5-yuhe" }, { "vulnerability": "VCID-5uaa-p1dd-3yb3" }, { "vulnerability": "VCID-aehs-6sa9-a3es" }, { "vulnerability": "VCID-h81x-x7wm-fqgx" }, { "vulnerability": "VCID-hfnr-s2a7-bkbv" }, { "vulnerability": "VCID-tytb-xy56-kffn" }, { "vulnerability": "VCID-v1xx-eddq-aqcu" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6671?format=api", "purl": "pkg:pypi/pyspark@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hnx-b71k-mqat" }, { "vulnerability": "VCID-21dx-vph5-yuhe" }, { "vulnerability": "VCID-5uaa-p1dd-3yb3" }, { "vulnerability": "VCID-aehs-6sa9-a3es" }, { "vulnerability": "VCID-h81x-x7wm-fqgx" }, { "vulnerability": "VCID-hfnr-s2a7-bkbv" }, { "vulnerability": "VCID-tytb-xy56-kffn" }, { "vulnerability": "VCID-v1xx-eddq-aqcu" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/7917?format=api", "purl": "pkg:pypi/pyspark@2.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hnx-b71k-mqat" }, { "vulnerability": "VCID-21dx-vph5-yuhe" }, { "vulnerability": "VCID-5uaa-p1dd-3yb3" }, { "vulnerability": "VCID-aehs-6sa9-a3es" }, { "vulnerability": "VCID-hfnr-s2a7-bkbv" }, { "vulnerability": "VCID-tytb-xy56-kffn" }, { "vulnerability": "VCID-v1xx-eddq-aqcu" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/7914?format=api", "purl": "pkg:pypi/pyspark@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hnx-b71k-mqat" }, { "vulnerability": "VCID-21dx-vph5-yuhe" }, { "vulnerability": "VCID-5uaa-p1dd-3yb3" }, { "vulnerability": "VCID-aehs-6sa9-a3es" }, { "vulnerability": "VCID-h81x-x7wm-fqgx" }, { "vulnerability": "VCID-hfnr-s2a7-bkbv" }, { "vulnerability": "VCID-tytb-xy56-kffn" }, { "vulnerability": "VCID-v1xx-eddq-aqcu" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/7915?format=api", "purl": "pkg:pypi/pyspark@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hnx-b71k-mqat" }, { "vulnerability": "VCID-21dx-vph5-yuhe" }, { "vulnerability": "VCID-5uaa-p1dd-3yb3" }, { "vulnerability": "VCID-aehs-6sa9-a3es" }, { "vulnerability": "VCID-h81x-x7wm-fqgx" }, { "vulnerability": "VCID-hfnr-s2a7-bkbv" }, { "vulnerability": "VCID-tytb-xy56-kffn" }, { "vulnerability": "VCID-v1xx-eddq-aqcu" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/7916?format=api", "purl": "pkg:pypi/pyspark@2.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hnx-b71k-mqat" }, { "vulnerability": "VCID-21dx-vph5-yuhe" }, { "vulnerability": "VCID-5uaa-p1dd-3yb3" }, { "vulnerability": "VCID-aehs-6sa9-a3es" }, { "vulnerability": "VCID-hfnr-s2a7-bkbv" }, { "vulnerability": "VCID-tytb-xy56-kffn" }, { "vulnerability": "VCID-v1xx-eddq-aqcu" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyspark@2.3.2" } ], "references": [ { "reference_url": "https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e@%3Cuser.spark.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e@%3Cuser.spark.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae@%3Ccommits.spark.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae@%3Ccommits.spark.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2@%3Cissues.spark.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2@%3Cissues.spark.apache.org%3E" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tytb-xy56-kffn" }