Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Spark 安全漏洞
Vulnerability Description
Apache Spark是美国阿帕奇(Apache)软件基金会的一款支持非循环数据流和内存计算的大规模数据处理引擎。 Apache Spark 1.6.0版本至2.1.1版本中存在安全漏洞,该漏洞源于程序没有安全的反序列化数据。攻击者可利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A