CVE-2022-33891 - Apache Spark Command Injection Vulnerability

: Apache | Spark

Date Added:
2023-03-07

Due Date:
2023-03-28

Vulnerability Name: Apache Spark Command Injection Vulnerability

Description: Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply updates per vendor instructions.

Additional Notes: https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc; https://nvd.nist.gov/vuln/detail/CVE-2022-33891

Related News Articles: Hackers use PoC exploits in attacks 22 minutes after releaseJuly 13, 2024

Free online web security scanner

Don't show website scan report rating on the leaderboard