org.apache.spark:spark-core_2.12@3.3.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.spark:spark-core_2.12 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Improper Privilege Management
Severity: High

org.apache.spark:spark-core_2.12 is a unified analytics engine for large-scale data processing. It provides high-level APIs in Scala, Java, Python, and R, and an optimized engine that supports general computation graphs for data analysis. It also supports a rich set of higher-level tools, including Spark SQL for SQL and DataFrames, the pandas API on Spark for pandas workloads, MLlib for machine learning, GraphX for graph processing, and Structured Streaming for stream processing.

Affected versions of this package are vulnerable to Improper Privilege Management. Applications submitted with spark-submit can specify a proxy-user so that they run with limited privileges; in affected versions, however, malicious configuration-related classes placed on the classpath allow the application to execute code with the privileges of the submitting user instead of those of the proxy-user.

Note: This vulnerability affects architectures relying on proxy-user, for example, those using Apache Livy to manage submitted applications.

How to fix Improper Privilege Management?

Upgrade org.apache.spark:spark-core_2.12 to version 3.3.3 or higher.

Vulnerable versions: [,3.3.3)
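The check a practitioner wants from this entry is whether a given coordinate falls inside the Maven-style range `[,3.3.3)` the page lists. The following is an added example, not Snyk's or Spark's code; it assumes the coordinate format `group:artifact@version` used in the page title and compares versions numerically (qualifiers such as `-SNAPSHOT` are ignored).

```python
import re
from typing import Optional, Tuple

# Values taken from this page: the installed coordinate, the vulnerable range
# and the first fixed version. The coordinate string is a constructed sample.
INSTALLED = "org.apache.spark:spark-core_2.12@3.3.1"
AFFECTED_RANGE = "[,3.3.3)"
FIXED_VERSION = "3.3.3"


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '3.3.1' into (3, 3, 1). A '-qualifier' or '+build' suffix is dropped
    (assumption: numeric comparison is sufficient for this check), and trailing
    zeros are removed so that '3.3' and '3.3.0' compare equal."""
    core = re.split(r"[-+]", v, maxsplit=1)[0]
    parts = tuple(int(p) for p in core.split(".") if p.isdigit())
    while parts and parts[-1] == 0:
        parts = parts[:-1]
    return parts


def parse_range(r: str) -> Tuple[Optional[str], bool, Optional[str], bool]:
    """Parse a Maven-style interval such as '[,3.3.3)' or '[3.0.0,3.3.3]'.
    Returns (lower, lower_inclusive, upper, upper_inclusive); None = unbounded."""
    m = re.fullmatch(r"([\[(])\s*([^,]*?)\s*,\s*([^\])]*?)\s*([\])])", r)
    if not m:
        raise ValueError(f"unsupported range syntax: {r!r}")
    lo, hi = m.group(2) or None, m.group(3) or None
    return lo, m.group(1) == "[", hi, m.group(4) == "]"


def in_range(version: str, r: str) -> bool:
    """True if `version` lies inside the interval `r`."""
    lo, lo_inc, hi, hi_inc = parse_range(r)
    v = parse_version(version)
    if lo is not None:
        low = parse_version(lo)
        if v < low or (v == low and not lo_inc):
            return False
    if hi is not None:
        high = parse_version(hi)
        if v > high or (v == high and not hi_inc):
            return False
    return True


def check_coordinate(coord: str, vuln_range: str = AFFECTED_RANGE,
                     fixed: str = FIXED_VERSION) -> dict:
    """Split 'group:artifact@version' and report whether it is in the vulnerable range."""
    name, _, version = coord.rpartition("@")
    vulnerable = in_range(version, vuln_range)
    return {"package": name, "version": version, "vulnerable": vulnerable,
            "upgrade_to": fixed if vulnerable else None}


if __name__ == "__main__":
    print(check_coordinate(INSTALLED))
```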