Pyspark

Latest version: v3.5.3

CVE/PVE	Vulnerability ID	Advisory	Affected versions	Severity	Severity Score
CVE-2023-32007	64192	UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possib…	<=3.0.3 >=3.1.1,<=3.1.3 >=3.2.0,<=3.2.1	HIGH	8.8
CVE-2018-8024	65849	In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possi…	==2.3.0 >=2.1.0,<2.1.3 >=2.2.0,<2.2.2	MEDIUM	5.4
CVE-2018-11760	53997	When using PySpark , it's possible for a different local user to conn…	>=2.3.0,<2.3.2 >=1.0.2,<2.2.3	MEDIUM	5.5
CVE-2018-1334	54001	In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using…	>=2.2.0,<2.2.2 >=0,<2.1.3	MEDIUM	4.7
PVE-2024-99771	66652	Pyspark before 3.1.3, equal or above 3.2.0 and below 3.2.2 are vulner…	>=0,<3.1.3 >=3.2.0,<3.2.2	-	-
CVE-2023-22946	62892	In Apache Spark versions prior to 3.4.0, applications using spark-sub…	<3.4.0	CRITICAL	9.9
CVE-2019-10099	37352	Prior to Spark 2.3.3, in certain situations Spark would write user da…	<2.3.3	HIGH	7.5
CVE-2017-12612	65847	In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe d…	>=1.6.0,<2.1.2	HIGH	7.8
CVE-2022-31777	54576	A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2…	>=0,<3.2.2	MEDIUM	5.4
CVE-2021-38296	54370	Apache Spark supports end-to-end encryption of RPC connections via "s…	>=0,<3.1.3	HIGH	7.5
CVE-2020-9480	54302	In Apache Spark 2.4.5 and earlier, a standalone resource manager's ma…	>=0,<2.4.6	CRITICAL	9.8
CVE-2017-7678	65848	In Apache Spark before 2.2.0, it is possible for an attacker to take …	>=0,<2.2.0	MEDIUM	6.1