PyPi: Spark-On-K8s

CVE-2024-37891

Transitive

Safety vulnerability ID: 72057

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 17, 2024. Updated at Jul 29, 2024.

Advisory

Spark-on-k8s 0.8.0 updates its urllib3 dependency from version 2.2.0 to 2.2.2 to address a security vulnerability identified as CVE-2024-37891.

Affected package

spark-on-k8s

Latest version: 0.10.1

A Python package to submit and manage Apache Spark applications on Kubernetes.

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* feat(python-client): support creating and mounting an ephemeral configmap to the driver by hussein-awala in https://github.com/hussein-awala/spark-on-k8s/pull/74
* feat(airflow): support driver_ephemeral_configmaps_volumes by hussein-awala in https://github.com/hussein-awala/spark-on-k8s/pull/75
* security: update urllib3 to avoid CVE-2024-37891 by hussein-awala in https://github.com/hussein-awala/spark-on-k8s/pull/69
* security: bump apache-airflow to avoid CVE-2024-32077 by hussein-awala in https://github.com/hussein-awala/spark-on-k8s/pull/70
* security: update requests to avoid CVE-2024-35195 by hussein-awala in https://github.com/hussein-awala/spark-on-k8s/pull/71
* security: bump certifi to avoid CVE-2024-39689 by hussein-awala in https://github.com/hussein-awala/spark-on-k8s/pull/76
* docs: update python example to explain how to use custom modules by hussein-awala in https://github.com/hussein-awala/spark-on-k8s/pull/73

**Full Changelog**: https://github.com/hussein-awala/spark-on-k8s/compare/0.7.2...0.8.0

Resources
