QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-17190

Back to search

CVE-2018-17190

Published: Nov 19, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.

VendorProductVersions

Apache Software Foundation

Apache Spark

affected
All versions

References

105976
vdb-entry
x_refsource_BID
GLSA-201903-21
vendor-advisory
x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now