CVE-2019-10099

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-10099
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10099.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10099
Aliases
Published
2019-08-07T17:15:12.073Z
Modified
2026-04-10T04:11:44.998865Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.

References

Affected packages

Git / github.com/apache/spark

Affected ranges

Type
GIT
Repo
https://github.com/apache/spark
Events
Introduced
8fb6f00e195fb258f3f70f04756e07c259a2351f
Last affected
1e860747458d74a4ccbd081103a0542a2367b14b
Introduced
13650fc58e1fcf2cf2a26ba11c819185ae1acc1f
Last affected
584354eaac02531c9584188b143367ba694b0c34
Introduced
cd0a08361e2526519e7c131c42116bf56fa62c76
Last affected
b7eac07b957b9fdb8ecb318a2c6c9f8b354a2ee3
Introduced
a2c7b2133cfee7fa9abfaa2bfbfb637155466783
Last affected
fc28ba3db7185e84b6dbd02ad8ef8f1d06b9e3c6
Introduced
992447fb30ee9ebb3cf794f2d06f4d63a2d792db
Fixed
02b510728c31b70e6035ad541bfcdc2b59dcd79a
Database specific 
{
    "versions": [
        {
            "introduced": "1.0.2"
        },
        {
            "last_affected": "1.6.3"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "last_affected": "2.0.2"
        },
        {
            "introduced": "2.1.0"
        },
        {
            "last_affected": "2.1.3"
        },
        {
            "introduced": "2.2.0"
        },
        {
            "last_affected": "2.2.2"
        },
        {
            "introduced": "2.3.0"
        },
        {
            "fixed": "2.3.2"
        }
    ]
}

Affected versions

v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.1.1
v2.1.2
v2.1.2-rc1
v2.1.2-rc2
v2.1.2-rc3
v2.1.2-rc4
v2.1.3
v2.1.3-rc1
v2.1.3-rc2
v2.2.0
v2.2.1
v2.2.1-rc1
v2.2.1-rc2
v2.2.2
v2.2.2-rc1
v2.2.2-rc2
v2.3.0
v2.3.1
v2.3.1-rc1
v2.3.1-rc2
v2.3.1-rc3
v2.3.1-rc4
v2.3.2-rc1
v2.3.2-rc2
v2.3.2-rc3
v2.3.2-rc4
v2.3.2-rc5

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10099.json"