CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-38296 – Apache Spark Key Negotiation Vulnerability
https://notcve.org/view.php?id=CVE-2021-38296
10 Mar 2022 — Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.... • https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smd • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 5.3EPSS: 26%CPEs: 23EXPL: 4CVE-2020-27223 – jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS
https://notcve.org/view.php?id=CVE-2020-27223
26 Feb 2021 — In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. En Eclipse Jetty versiones 9.4.6.v20170531 hasta 9.4.36.v20210114 (inclusive), versiones 10.0.0 y 11.0.0, cuando Jetty maneja... • https://github.com/motikan2010/CVE-2020-27223 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 5.8EPSS: 0%CPEs: 27EXPL: 0CVE-2020-27218 – jetty: buffer not correctly recycled in Gzip Request inflation
https://notcve.org/view.php?id=CVE-2020-27218
28 Nov 2020 — In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the bo... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892 • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 9.8EPSS: 80%CPEs: 2EXPL: 1CVE-2020-9480
https://notcve.org/view.php?id=CVE-2020-9480
23 Jun 2020 — In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc). En Apache Spark versión 2.4.5 y ve... • https://github.com/XiaoShaYu617/CVE-2020-9480 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 1CVE-2019-20445 – netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
https://notcve.org/view.php?id=CVE-2019-20445
29 Jan 2020 — HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. "El archivo HttpObjectDecoder.java en Netty versiones anteriores a 4.1.44, permite que un encabezado Content-Length esté acompañado por un segundo encabezado Content-Length o por un encabezado Transfer-Encoding." A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Enco... • https://access.redhat.com/errata/RHSA-2020:0497 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10172 – jackson-mapper-asl: XML external entity similar to CVE-2016-3720
https://notcve.org/view.php?id=CVE-2019-10172
18 Nov 2019 — A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. Se detectó un fallo en las bibliotecas org.codehaus.jackson:jackson-mapper-asl:1.9.x. Las vulnerabilidades de tipo XML external entity similares a CVE-2016-3720, también afectan a las bibliotecas codehaus jackson-mapper-asl pero en diferentes clases. A flaw was found in org.codehaus.jackson:jackson-... • https://github.com/rusakovichma/CVE-2019-10172 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-10099
https://notcve.org/view.php?id=CVE-2019-10099
07 Aug 2019 — Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs. Spark anterior a versión 2.3.3, en ciertas situaciones, Spark escribiría los datos de usuario en el disco local sin cifrar, incluso si spark.io.encryption.enabled=true... • https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e%40%3Cuser.spark.apache.org%3E • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-11760
https://notcve.org/view.php?id=CVE-2018-11760
04 Feb 2019 — When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1. Al utilizar PySpark, es posible que un usuario local diferente se conecte a la aplicación de Spark y suplante al usuario que ejecuta la aplicación de Spark. Afecta a las versiones 1.x, 2.0.x, 2.1.x, 2.2.0 a 2.2.2 y desde la 2.3.0 hasta la 2.3.1. • http://www.securityfocus.com/bid/106786 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-17190 – Gentoo Linux Security Advisory 201903-21
https://notcve.org/view.php?id=CVE-2018-17190
19 Nov 2018 — In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master ... • http://www.securityfocus.com/bid/105976 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11804
https://notcve.org/view.php?id=CVE-2018-11804
24 Oct 2018 — Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build. Note that this issue does not affect end users of Spark, only developers bui... • http://www.securityfocus.com/bid/105756 •