Lucene search

K

Veracode Vulnerability DatabaseVERACODE:25735

HistoryJun 23, 2020 - 1:03 a.m.

Remote Code Execution (RCE)

2020-06-2301:03:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

16

EPSS

0.03

Percentile

90.9%

spark-network-common is vulnerable to remote code execution. The vulnerability exists it is possible to create a RPC request to start an application’s resources on the Spark cluster without the need of a shared key, allowing it to be leveraged for running shell commands.

References

github.com/apache/spark/commit/9416b7c54bdf5613c1a65e6d1779a87591c6c9bd

github.com/apache/spark/commit/c80d5f7aa0fd9e7b37e1bf4175204750098a44a6

lists.apache.org/thread.html/r03ad9fe7c07d6039fba9f2152d345274473cb0af3d8a4794a6645f4b@%3Cuser.spark.apache.org%3E

lists.apache.org/thread.html/ra0e62a18ad080c4ce6df5e0202a27eaada75222761efc3f7238b5a3b@%3Ccommits.doris.apache.org%3E

lists.apache.org/thread.html/rb3956440747e41940d552d377d50b144b60085e7ff727adb0e575d8d@%3Ccommits.submarine.apache.org%3E

lists.apache.org/thread.html/ree9e87aae81852330290a478692e36ea6db47a52a694545c7d66e3e2@%3Cdev.spark.apache.org%3E

seclists.org/oss-sec/2020/q2/205

spark.apache.org/security.html#CVE-2020-9480

www.oracle.com/security-alerts/cpuApr2021.html

EPSS

0.03

Percentile

90.9%

Related for VERACODE:25735

nessus2 redhatcve1 ibm2 osv4 checkpoint_advisories1 nvd1 cve1 prion1 cvelist1 github1 oracle1