I. CVE-2022-33891 Basic Information
Vulnerability Information


Vulnerability Title
Apache Spark shell command injection vulnerability via Spark UI
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
Apache Spark OS command injection vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
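Apache Spark is a large-scale data processing engine from the Apache Software Foundation (USA) that supports acyclic data flow and in-memory computing. Apache Spark contains an OS command injection vulnerability caused by improper input validation in the ACL feature of the Apache Spark UI. A remote attacker can exploit it by requesting a specially crafted URL to execute arbitrary OS commands on the target system.
Source: China National Vulnerability Database of Information Security (CNNVD)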
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
N/A
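Source: China National Vulnerability Database of Information Security (CNNVD)
Affected Products

| Vendor | Product | Affected versions | CPE |
|---|---|---|---|
| Apache Software Foundation | Apache Spark | 3.0.3 and earlier ~ 3.0.3 | - |
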
II. Public PoCs for CVE-2022-33891

| # | Description | Source link |
|---|---|---|
| 1 | cve-2022-33891-poc | https://github.com/W01fh4cker/cve-2022-33891 |
| 2 | Apache Spark Shell Command Injection Vulnerability | https://github.com/HuskyHacks/cve-2022-33891 |
| 3 | Apache Spark Command Injection PoC Exploit for CVE-2022-33891 | https://github.com/west-wind/CVE-2022-33891 |
| 4 | None | https://github.com/AkbarTrilaksana/cve-2022-33891 |
| 5 | Apache Spark RCE | https://github.com/llraudseppll/cve-2022-33891 |
| 6 | 「💥」CVE-2022-33891 - Apache Spark Command Injection | https://github.com/AmoloHT/CVE-2022-33891 |
| 7 | CVE-2022-33891 Exploit For Apache Spark | https://github.com/DrLinuxOfficial/CVE-2022-33891 |
| 8 | Apache Spark RCE - CVE-2022-33891 | https://github.com/Vulnmachines/Apache-spark-CVE-2022-33891 |
| 9 | For CVE-2022-33891 Apache Spark: Emulation and Detection by West Shepherd | https://github.com/ps-interactive/lab_security_apache_spark_emulation_detection |
| 10 | None | https://github.com/IMHarman/CVE-2022-33891 |
| 11 | None | https://github.com/elsvital/cve-2022-33891-fix |
| 12 | A PoC exploit for CVE-2022-33891 - Apache Spark UI Remote Code Execution (RCE) | https://github.com/K3ysTr0K3R/CVE-2022-33891-EXPLOIT |
| 13 | PoC for CVE-2022-33891 | https://github.com/nanaao/CVE-2022-33891 |
| 14 | None | https://github.com/asepsaepdin/CVE-2022-33891 |
| 15 | Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow impersonation by providing an arbitrary user name. An attacker can potentially reach a permission check function that will ultimately build a Unix shell command based on input and execute it, resulting in arbitrary shell command execution. Affected versions are 3.0.3 and earlier, 3.1.1 to 3.1.2, and 3.2.0 to 3.2.1. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-33891.yaml |
| 16 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Apache%20Spark%20doAs%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2022-33891.md |