Note:
This project will be discontinued after December 13, 2021. [more]
2019-02-04
When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.
| Products | Spark |
| Type | ? (NVD-CWE-noinfo) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://www.securityfocus.com/bid/106786
• https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e%40%3Ccommits.spark.apache.org%3E • https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b%40%3Cuser.spark.apache.org%3E |