CVE-2022-33891 - Apache Spark Command Injection Vulnerability
Project: Apache
Product: Spark
Date Added: 2023-03-07
Due Date: 2023-03-28
Vulnerability Name
Apache Spark Command Injection Vulnerability
Description
Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc
https://nvd.nist.gov/vuln/detail/CVE-2022-33891
Related News Articles
Hackers use PoC exploits in attacks 22 minutes after release (July 13, 2024)