Back to search
CVE-2018-9159
Published: Mar 31, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/perwendel/spark/issues/981
x_refsource_MISC
RHSA-2018:2020
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2405
vendor-advisory
x_refsource_REDHAT
http://sparkjava.com/news#spark-272-released
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now