📦 Spark

by Apache

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2023-32007

HIGH CVSS 8.8 May 2, 2023

This vulnerability allows authenticated users to impersonate arbitrary users in Apache Spark UI when ACLs are enabled, leading to arbitrary shell command execution as the Spark service account. It aff...

CVE-2021-38296

HIGH CVSS 7.5 Mar 10, 2022

This vulnerability in Apache Spark allows attackers to recover full encryption keys from RPC connections using a flawed mutual authentication protocol. After an initial interactive attack, attackers c...

CVE-2025-55039

MEDIUM CVSS 6.5 Oct 15, 2025

Apache Spark versions before 3.4.4, 3.5.2, and 4.0.0 use an insecure default cipher (AES/CTR/NoPadding) for RPC encryption when spark.network.crypto.enabled is true, allowing man-in-the-middle attacke...

CVE-2024-23945

MEDIUM CVSS 5.9 Dec 23, 2024

Apache Hive and Spark expose correct cookie signatures during signature mismatch errors, potentially allowing attackers to forge valid signed cookies. This affects systems using Hive service or Spark ...