Cybersecurity Alerts

Apache Spark Command Injection Vulnerability

Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-78

References

• https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc
• https://nvd.nist.gov/vuln/detail/CVE-2022-33891