pyspark@2.2.3 vulnerabilities
Apache Spark Python API
- latest version: 3.5.1
- latest non vulnerable version
- first published: 7 years ago
- latest version published: 3 months ago
- licenses detected: [0,)

Direct Vulnerabilities
Known vulnerabilities in the pyspark package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version |
---|---|
pyspark is a fast and general cluster computing system for Big Data. Affected versions of this package are vulnerable to Command Injection due to the usage of Note: CVE-2023-32007 was subsequently released to flag that How to fix Command Injection? Upgrade | [0,3.2.2) |
pyspark is a fast and general cluster computing system for Big Data. Affected versions of this package are vulnerable to Command Injection due to the usage of Note: CVE-2023-32007 was subsequently released to flag that How to fix Command Injection? Upgrade | [0,3.2.2) |
pyspark is a fast and general cluster computing system for Big Data. Affected versions of this package are vulnerable to Arbitrary Command Execution via the How to fix Arbitrary Command Execution? Upgrade | [,3.1.3), [3.2.0,3.2.2) |
pyspark is a fast and general cluster computing system for Big Data. Affected versions of this package are vulnerable to Information Exposure via a bespoke mutual authentication protocol that allows for full encryption key recovery. This would allow a malicious actor who has access to the machine to decrypt captured network traffic offline. How to fix Information Exposure? Upgrade | [,3.1.3) |
pyspark is a fast and general cluster computing system for Big Data. Affected versions of this package are vulnerable to Remote Code Execution (RCE). A standalone resource manager's master may be configured to require authentication ( How to fix Remote Code Execution (RCE)? Upgrade | [,2.4.6) |
pyspark is a fast and general cluster computing system for Big Data. Affected versions of this package are vulnerable to Information Exposure. In certain situations Spark would write user data to local disk unencrypted, even if How to fix Information Exposure? Upgrade | [,2.3.3) |