Privilege Escalation Affecting org.apache.spark:spark-core_2.10 package, versions [,2.1.3) [2.2.0, 2.2.2)
19 Jul 2018
11 Jul 2018
How to fix?
Upgrade org.apache.spark:spark-core_2.10 to version 2.1.3, 2.2.2 or higher.
org.apache.spark:spark-core_2.10 is a cluster computing system for Big Data.
Affected versions of this package are vulnerable to Privilege Escalation. When using SparkR, it was possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
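To check a pinned dependency version against the affected ranges in the title, the following added example (not part of the advisory or of Spark) parses the interval notation and tests a version against it. The function names are hypothetical, and it assumes plain numeric dotted versions; strings with qualifiers such as `-SNAPSHOT` are rejected rather than guessed at.

```python
import re

# Affected ranges copied from the advisory title (interval notation).
AFFECTED = "[,2.1.3) [2.2.0, 2.2.2)"


def parse_version(text):
    """Numeric dotted versions only (assumption): '2.1.10' -> (2, 1, 10)."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    # Drop trailing zeros so that '2.2' and '2.2.0' compare as equal.
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def parse_ranges(spec):
    """Return (low, low_inclusive, high, high_inclusive) per interval."""
    pattern = r"([\[(])\s*([\d.]*)\s*,\s*([\d.]*)\s*([\])])"
    ranges = []
    for open_b, low, high, close_b in re.findall(pattern, spec):
        ranges.append((
            parse_version(low) if low else None,    # None: no lower bound
            open_b == "[",
            parse_version(high) if high else None,  # None: no upper bound
            close_b == "]",
        ))
    return ranges


def is_affected(version, spec=AFFECTED):
    """True if the version falls inside any affected interval."""
    v = parse_version(version)
    for low, low_incl, high, high_incl in parse_ranges(spec):
        above = low is None or v > low or (low_incl and v == low)
        below = high is None or v < high or (high_incl and v == high)
        if above and below:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample versions, not taken from the advisory.
    for candidate in ["1.6.3", "2.1.2", "2.1.3", "2.1.10", "2.2.0", "2.2.2"]:
        state = "affected" if is_affected(candidate) else "not affected"
        print(f"{candidate}: {state}")
```

Components are compared as integers, so 2.1.10 is correctly ordered after the fixed release 2.1.3 instead of before it, as a plain string comparison would do.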