VYPR
Moderate severityNVD Advisory· Published Feb 4, 2019· Updated Sep 16, 2024

CVE-2018-11760

CVE-2018-11760

Description

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pysparkPyPI
>= 2.3.0, < 2.3.22.3.2
pysparkPyPI
>= 1.0.2, < 2.2.32.2.3

Affected products

2
  • ghsa-coords
    Range: >= 2.3.0, < 2.3.2
  • Apache Software Foundation/Apache Sparkv5
    Range: Apache Spark 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.