N/A

In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.

N/A

N/A

Apache Spark 授权问题漏洞

Apache Spark是美国阿帕奇（Apache）软件基金会的一款支持非循环数据流和内存计算的大规模数据处理引擎。 Apache Spark中存在安全漏洞。攻击者可通过发送特制的请求利用该漏洞在‘master’主机上执行代码。

N/A

N/A