Lucene search
China National Vulnerability DatabaseCNVD-2023-71729HistoryMay 08, 2023 - 12:00 a.m.
Apache Spark Command Injection Vulnerability (CNVD-2023-71729)
2023-05-0800:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
apache spark
command injection
httpsecurityfilter
vulnerability
data processing
acls
arbitrary username
shell command execution
apache foundation
0.015 Low
EPSS
Percentile
86.8%
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a command injection vulnerability that stems from the fact that if ACLs are enabled, a code path in the HttpSecurityFilter can allow the execution of an emulation by supplying an arbitrary username, which would result in arbitrary shell command execution. No detailed vulnerability details are provided at this time.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache spark | le | 3.0.3 | |
| apache spark >=3.1.1, | le | 3.1.3 | |
| apache spark >=3.2.0, | le | 3.2.1 |
Related
veracode
veracode
OS Command Injection
2023-05-10 02:53:17
osv
osv
CVE-2023-32007
2023-05-02 09:15:10
Apache Spark UI vulnerable to Command Injection
2023-05-02 09:30:17
PYSEC-2023-72
2023-05-02 09:15:00
nvd
nvd
CVE-2023-32007
2023-05-02 09:15:10
cve
cve
CVE-2023-32007
2023-05-02 09:15:10
attackerkb
attackerkb
CVE-2022-33891
2022-07-18 00:00:00
cvelist
cvelist
CVE-2023-32007 Apache Spark: Shell command injection via Spark UI
2023-05-02 08:37:22
nessus
nessus
Apache Spark <= 3.0.3 / 3.1.1 < 3.1.3 / 3.2.x < 3.2.1 RCE (CVE-2022-33891)
2023-03-10 00:00:00
Apache Spark <= 3.0.3 / 3.1.x > 3.1.1 / 3.2.x < 3.2.1 RCE (CVE-2022-33891)
2023-03-27 00:00:00
prion
prion
Command injection
2023-05-02 09:15:00
github
github
Apache Spark UI vulnerable to Command Injection
2023-05-02 09:30:17
