Org.apache.spark:spark-core_2.10

This hub aggregates every CVE we track for Org.apache.spark:spark-core_2.10, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

OSS Libraries

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM5HIGH2CRITICAL1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 8 most recently published vulnerabilities affecting Org.apache.spark:spark-core_2.10.

CVE-2022-31777Apache Spark XSS vulnerability in log viewer UI Javascript5.4Nov 1, 2022
CVE-2018-17190In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execu...9.8Nov 19, 2018
CVE-2018-11804Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up ...7.5Oct 24, 2018
CVE-2018-11770From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property '...4.2Aug 13, 2018
CVE-2018-8024In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tr...5.4Jul 12, 2018
CVE-2018-1334In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user runnin...4.7Jul 12, 2018
CVE-2017-12612In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentia...7.8Sep 13, 2017
CVE-2017-7678In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits d...6.1Jul 12, 2017

Product normalization is registry-driven with AI assist and human review. How it works