pkg:Bitnami/spark

All known vulnerabilities

• HIGH8.8CVE-2022-33891⚠ KEVApache Spark UI can allow impersonation if ACLs enabled
  from 0, < 3.0.4, >= 3.1.1, < 3.1.3, >= 3.2.0, < 3.2.2
• CRITICAL9.9CVE-2023-22946Apache Spark proxy-user privilege escalation from malicious configuration class
  from 0, < 3.4.0
• CRITICAL9.8CVE-2020-9480Improper Authentication in Apache Spark
  from 0, < 2.4.6
• HIGH8.8CVE-2025-54920Apache Spark: Spark History Server Code Execution Vulnerability
  from 0, < 3.5.7, >= 4.0.0, < 4.0.1
• HIGH8.8CVE-2023-32007Apache Spark: Shell command injection via Spark UI
  from 0, < 3.0.4, >= 3.1.1, < 3.1.4, >= 3.2.0, < 3.2.2
• HIGH7.5CVE-2021-38296Apache Spark Key Negotiation Vulnerability
  from 0, < 3.1.3
• MEDIUM5.4CVE-2022-31777Apache Spark vulnerable to Log Injection
  from 0, < 3.2.2, >= 3.3.0, < 3.3.1
• MEDIUM5.3CVE-2020-27223DOS vulnerability for Quoted Quality CSV headers
  >= 3.1.1, < 3.1.2
• MEDIUM4.8CVE-2020-27218Buffer not correctly recycled in Gzip Request inflation
  >= 2.4.8, < 2.4.9, >= 3.0.3, < 3.0.4