CVE-2018-17190 is a vulnerability in Apache Spark
Published on November 19, 2018
In all versions of Apache Spark, the standalone resource manager accepts code to execute on a 'master' host, which then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially crafted request to the master can, however, cause the master to execute code too. Note that this does not affect standalone clusters with authentication enabled. While the master host typically has less outbound access to other resources than a worker, the execution of code on the master is nevertheless unexpected.
Products Associated with CVE-2018-17190
Affected Versions
Apache Software Foundation Apache Spark, all versions, is affected by CVE-2018-17190.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.