by @Mudassar
22 Mar 2023

Apache Zero Days - Apache Spark Command Injection Vulnerability (CVE-2022-33891)

CVEs

8.8 High Severity

Apps

Spark
SparkApache
2.0.0.167.*
2.11.18.*
2.11.23.*
2.11.22.*
2.11.21.*
2.11.20.*
2.11.12.*
*.*
2.9.24.*
2.11.6.*

Summary

The Apache Spark command injection vulnerability (CVE-2022-33891) was discovered by the Sangfor FarSight Labs team and reported to the Apache Spark project team on July 18, 2022. The vulnerability was classified as high severity, with a CVSS (Common Vulnerability Scoring System) Base Score of 8.8, indicating a high potential impact.

Description
