VYPR
Medium severity4.7NVD Advisory· Published Jul 12, 2018· Updated Jun 17, 2026

CVE-2018-1334

CVE-2018-1334

Description

In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.spark:spark-core_2.10Maven
>= 1.0.0, < 2.1.32.1.3
org.apache.spark:spark-core_2.10Maven
>= 2.2.0, < 2.2.22.2.2
org.apache.spark:spark-core_2.11Maven
>= 1.0.0, < 2.1.32.1.3
org.apache.spark:spark-core_2.11Maven
>= 2.2.0, < 2.2.22.2.2
org.apache.spark:spark-core_2.11Maven
>= 2.3.0, < 2.3.12.3.1
pysparkPyPI
>= 2.2.0, < 2.2.22.2.2
pysparkPyPI
< 2.1.32.1.3

Affected products

4

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.