Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/9748?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9748?format=api", "vulnerability_id": "VCID-pa42-1gk4-9yhj", "summary": "Improper Authentication\nApache Spark standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property `spark.authenticate.secret` establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API.", "aliases": [ { "alias": "CVE-2018-11770" }, { "alias": "GHSA-w4r4-65mg-45x2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/180646?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@2.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/78930?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.3.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29992?format=api", "purl": "pkg:maven/org.apache.spark/spark-core@1.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core@1.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/33158?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/180594?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/180595?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/180596?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/180597?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/180598?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/180599?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/180600?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/55118?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/180601?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/180602?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/180603?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/180604?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/180605?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/180606?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/180607?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/180608?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/180609?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/180610?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@1.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@1.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/180611?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/180612?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@2.0.0-preview", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.0.0-preview" }, { "url": "http://public2.vulnerablecode.io/api/packages/180613?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/180614?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35357?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-pgne-36yk-37bj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/180615?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-pgne-36yk-37bj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33246?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-pgne-36yk-37bj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35358?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@2.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/33129?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-pgne-36yk-37bj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/180645?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-pgne-36yk-37bj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33160?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.10@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.10@2.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/33149?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/162803?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/162804?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/162805?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/54865?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/162806?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/162807?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/162808?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/162809?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/162810?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/162811?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.5.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/162812?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.6.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/162813?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.6.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/162814?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/162815?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@1.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@1.6.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/162816?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/162817?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.0.0-preview", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.0.0-preview" }, { "url": "http://public2.vulnerablecode.io/api/packages/162818?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/162819?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35352?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-pgne-36yk-37bj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/24315?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-6he5-ksrc-8kck" }, { "vulnerability": "VCID-adht-u2kn-j3hh" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-pgne-36yk-37bj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33122?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-pgne-36yk-37bj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35354?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-m3tv-j5mk-4ufj" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/24316?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-pgne-36yk-37bj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/180643?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-pgne-36yk-37bj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35355?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/180644?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35353?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-pgne-36yk-37bj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" }, { "vulnerability": "VCID-y6p4-rd9t-cqad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35356?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33151?format=api", "purl": "pkg:maven/org.apache.spark/spark-core_2.11@2.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gtx-thb1-9ud6" }, { "vulnerability": "VCID-as3y-ffvw-rube" }, { "vulnerability": "VCID-pa42-1gk4-9yhj" }, { "vulnerability": "VCID-vqmm-ru8x-ukcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.spark/spark-core_2.11@2.3.2" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11770.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11770.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88996", "scoring_system": "epss", "scoring_elements": "0.99534", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.88996", "scoring_system": "epss", "scoring_elements": "0.99533", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.88996", "scoring_system": "epss", "scoring_elements": "0.99532", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.88996", "scoring_system": "epss", "scoring_elements": "0.9953", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.88996", "scoring_system": "epss", "scoring_elements": "0.99529", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.88996", "scoring_system": "epss", "scoring_elements": "0.99528", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.88996", "scoring_system": "epss", "scoring_elements": "0.99527", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.88996", "scoring_system": "epss", "scoring_elements": "0.99526", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.88996", "scoring_system": "epss", "scoring_elements": "0.99525", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.88996", "scoring_system": "epss", "scoring_elements": "0.99524", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.88996", "scoring_system": "epss", "scoring_elements": "0.99523", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.8957", "scoring_system": "epss", "scoring_elements": "0.99554", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.8957", "scoring_system": "epss", "scoring_elements": "0.99553", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11770" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485@%3Cdev.spark.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485@%3Cdev.spark.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485%40%3Cdev.spark.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/bd8e51314041451a2acd720e9223fc1c15a263ccacb396a75b1fc485%40%3Cdev.spark.apache.org%3E" }, { "reference_url": "https://spark.apache.org/security.html#CVE-2018-11770", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://spark.apache.org/security.html#CVE-2018-11770" }, { "reference_url": "https://web.archive.org/web/20200227114942/http://www.securityfocus.com/bid/105097", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227114942/http://www.securityfocus.com/bid/105097" }, { "reference_url": "http://www.securityfocus.com/bid/105097", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/105097" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1615652", "reference_id": "1615652", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1615652" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11770", "reference_id": "CVE-2018-11770", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11770" }, { "reference_url": "https://github.com/advisories/GHSA-w4r4-65mg-45x2", "reference_id": "GHSA-w4r4-65mg-45x2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w4r4-65mg-45x2" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 287, "name": "Improper Authentication", "description": "When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 306, "name": "Missing Authentication for Critical Function", "description": "The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources." } ], "exploits": [ { "date_added": null, "description": "This module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through REST API.\n It uses the function CreateSubmissionRequest to submit a malious java class and trigger it.", "required_action": null, "due_date": null, "notes": "SideEffects:\n - artifacts-on-disk\n - ioc-in-logs\nStability:\n - crash-safe\nReliability:\n - repeatable-session\n", "known_ransomware_campaign_use": false, "source_date_published": "2017-12-12", "exploit_type": null, "platform": "Java", "source_date_updated": null, "data_source": "Metasploit", "source_url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/spark_unauth_rce.rb" } ], "severity_range_score": "4.0 - 6.9", "exploitability": "2.0", "weighted_severity": "6.2", "risk_score": 10.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pa42-1gk4-9yhj" }