Medium severity 5.3 · NVD Advisory · Published Mar 31, 2018 · Updated Jun 17, 2026
CVE-2018-9159
Description
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.sparkjava:spark-core (Maven) | < 2.7.2 | 2.7.2 |
Affected products (4)
ghsa-coords, 4 versions:
- pkg:maven/com.sparkjava/spark-core
- pkg:rpm/suse/release-notes-susemanager&distro=SUSE%20Manager%20Server%203.1
- pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Proxy%203.1
- pkg:rpm/suse/spark&distro=SUSE%20Manager%20Server%203.1

Affected ranges:
- (no CPE) range: < 2.7.2
- (no CPE) range: < 3.1.8-5.38.1
- (no CPE) range: < 3.1.8-0.15.29.1
- (no CPE) range: < 2.3-3.3.1
References (9)
- github.com/perwendel/spark/commit/030e9d00125cbd1ad759668f85488aba1019c668 (nvd: Patch, Third Party Advisory, WEB)
- github.com/perwendel/spark/commit/a221a864db28eb736d36041df2fa6eb8839fc5cd (nvd: Patch, Third Party Advisory, WEB)
- github.com/perwendel/spark/commit/ce9e11517eca69e58ed4378d1e47a02bd06863cc (nvd: Patch, Third Party Advisory, WEB)
- sparkjava.com/news (nvd: Vendor Advisory, WEB)
- access.redhat.com/errata/RHSA-2018:2020 (nvd: Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2018:2405 (nvd: Third Party Advisory, WEB)
- github.com/advisories/GHSA-76qr-mmh8-cp8f (ghsa: ADVISORY)
- github.com/perwendel/spark/issues/981 (nvd: Issue Tracking, Third Party Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2018-9159 (ghsa: ADVISORY)