PYSEC-2019-169

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pyspark/PYSEC-2019-169.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2019-169

Aliases

CVE-2018-11760
GHSA-fvxv-9xxr-h7wj

Published

2019-02-04T17:29:00Z

Modified

2023-11-08T03:59:46.761283Z

Summary

[none]

Details

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

References

https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b@%3Cuser.spark.apache.org%3E
http://www.securityfocus.com/bid/106786
https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e@%3Ccommits.spark.apache.org%3E
https://github.com/advisories/GHSA-fvxv-9xxr-h7wj

Affected packages

PyPI / pyspark

Package

Name: pyspark; View open source insights on deps.dev
Purl: pkg:pypi/pyspark

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3.0

Fixed

2.3.2

Introduced

1.0.2

Fixed

2.2.3

Affected versions

2.*

2.1.1

2.1.2

2.1.3

2.2.0

2.2.1

2.2.2

2.3.0

2.3.1