Readdle Spark
By the Year
In 2024 there have been 0 vulnerabilities in Readdle Spark . Spark did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 1 | 7.50 |
2021 | 0 | 0.00 |
2020 | 1 | 6.10 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Spark vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Readdle Spark Security Vulnerabilities
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled"
CVE-2021-38296
7.5 - High
- March 10, 2022
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or later
Authentication Bypass by Capture-replay
The Spark application through 2.0.2 for Android
CVE-2019-12370
6.1 - Medium
- March 18, 2020
The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Readdle Spark or by Readdle? Click the Watch button to subscribe.