Apache Spark is a large-scale data processing engine from the Apache Foundation that supports acyclic data flow and in-memory computing. Apache Spark suffers from a command injection vulnerability: when ACLs are enabled, a code path in HttpSecurityFilter allows impersonation by supplying an arbitrary username, which can result in arbitrary shell command execution. No further vulnerability details are available at this time.

Name | Operator | Version
---|---|---
apache spark | le | 3.0.3
apache spark >=3.1.1, | le | 3.1.3
apache spark >=3.2.0, | le | 3.2.1