VulnerableCode Package Details - pkg:maven/org.apache.spark/spark-core

Search for packages

Vulnerability	Summary	Fixed by
VCID-2md5-chbw-aaaj Aliases: CVE-2018-1334 GHSA-6mqq-8r44-vmjc PYSEC-2018-25	In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.	2.1.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.3.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nhcd-qhgh-aaah Aliases: CVE-2018-11770 GHSA-w4r4-65mg-45x2	Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11	2.3.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2md5-chbw-aaaj
Aliases:
CVE-2018-1334
GHSA-6mqq-8r44-vmjc
PYSEC-2018-25

In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.

2.1.3
Affected by 4 other vulnerabilities.

2.2.2
Affected by 3 other vulnerabilities.

2.3.1
Affected by 3 other vulnerabilities.

VCID-nhcd-qhgh-aaah
Aliases:
CVE-2018-11770
GHSA-w4r4-65mg-45x2

Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11

2.3.3
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T20:02:42.037226+00:00	GHSA Importer	Affected by	VCID-2md5-chbw-aaaj	None	36.0.0
2025-01-17T02:31:09.663234+00:00	GHSA Importer	Affected by	VCID-nhcd-qhgh-aaah	None	35.1.0
2024-10-22T13:45:14.228409+00:00	GHSA Importer	Affected by	VCID-2md5-chbw-aaaj	https://github.com/advisories/GHSA-6mqq-8r44-vmjc	34.0.2
2024-09-17T22:37:27.959077+00:00	GitLab Importer	Affected by	VCID-nhcd-qhgh-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.11/CVE-2018-11770.yml	34.0.1
2024-09-17T22:37:27.805371+00:00	GitLab Importer	Affected by	VCID-2md5-chbw-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.11/CVE-2018-1334.yml	34.0.1
2024-09-17T22:05:31.469729+00:00	GHSA Importer	Affected by	VCID-2md5-chbw-aaaj	https://github.com/advisories/GHSA-6mqq-8r44-vmjc	34.0.1
2024-09-17T21:59:57.852316+00:00	GHSA Importer	Affected by	VCID-nhcd-qhgh-aaah	https://github.com/advisories/GHSA-w4r4-65mg-45x2	34.0.1
2024-01-03T18:00:22.708703+00:00	GitLab Importer	Affected by	VCID-nhcd-qhgh-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.11/CVE-2018-11770.yml	34.0.0rc1
2024-01-03T18:00:22.570487+00:00	GitLab Importer	Affected by	VCID-2md5-chbw-aaaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.spark/spark-core_2.11/CVE-2018-1334.yml	34.0.0rc1
2024-01-03T17:40:26.279270+00:00	GHSA Importer	Affected by	VCID-2md5-chbw-aaaj	https://github.com/advisories/GHSA-6mqq-8r44-vmjc	34.0.0rc1
2024-01-03T17:39:46.236317+00:00	GHSA Importer	Affected by	VCID-nhcd-qhgh-aaah	https://github.com/advisories/GHSA-w4r4-65mg-45x2	34.0.0rc1