HIGH | 8.8 | CVE-2022-33891 | ⚠ KEV | Apache Spark UI can allow impersonation if ACLs enabled | from 0, <= 3.0.3
HIGH | 8.8 | CVE-2022-33891 | ⚠ KEV | Apache Spark UI can allow impersonation if ACLs enabled | from 0, < 3.1.1, >= 3.2.0, < 3.2.2, >= 3.1.1, < 3.1.3
CRITICAL | 9.9 | CVE-2023-22946 | Apache Spark proxy-user privilege escalation from malicious configuration class | from 0, < 3.3.2
CRITICAL | 9.9 | CVE-2023-22946 | Apache Spark proxy-user privilege escalation from malicious configuration class | from 0, < 3.4.0
from 0, < 2.4.6
HIGH | 8.8 | CVE-2023-32007 | Apache Spark: Shell command injection via Spark UI | from 0, < 3.1.1, >= 3.2.0, < 3.2.2, >= 3.1.1, < 3.2.0
HIGH | 8.8 | CVE-2023-32007 | Apache Spark: Shell command injection via Spark UI | >= 3.1.1, < 3.2.2
HIGH | 7.8 | CVE-2017-12612 | Apache Spark Deserialization of Untrusted Data vulnerability | from 0, < 2.1.2
from 0, < 3.1.3
HIGH | 7.5 | CVE-2019-10099 | Sensitive data written to disk unencrypted in Spark | from 0, < 2.3.3
MEDIUM | 6.5 | CVE-2025-55039 | Apache Spark has Inadequate Encryption Strength | from 0, < 3.4.4, >= 3.5.0, < 3.5.2
>= 2.3.0, < 2.3.2, >= 1.0.2, < 2.2.3
>= 2.3.0, < 2.3.2
from 0, < 3.2.2
MEDIUM | 4.7 | CVE-2018-1334 | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark | >= 2.2.0, < 2.2.2, from 0, < 2.1.3
MEDIUM | 4.7 | CVE-2018-1334 | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark | >= 2.2.0, < 2.2.2