Known Vulnerabilities for Spark by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Spark" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-50030 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sparklewpthemes Spark M... | Not Provided | 2025-06-20 | 2026-04-01 |
| CVE-2025-32670 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Parnell Spark GF F... | Not Provided | 2025-04-17 | 2026-04-01 |
| CVE-2021-38296 | Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". I... | 7.5 - HIGH | 2022-03-10 | 2023-02-09 |
| CVE-2020-27223 | In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing ... | 5.3 - MEDIUM | 2021-02-26 | 2023-11-07 |
| CVE-2020-27218 | In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if ... | 4.8 - MEDIUM | 2020-11-28 | 2023-11-07 |
| CVE-2020-9480 | In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.... | 9.8 - CRITICAL | 2020-06-23 | 2023-11-07 |
| CVE-2019-20445 | HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length hea... | 9.1 - CRITICAL | 2020-01-29 | 2023-11-07 |
| CVE-2019-10172 | A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-... | 7.5 - HIGH | 2019-11-18 | 2023-02-12 |
| CVE-2019-10099 | Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryptio... | 7.5 - HIGH | 2019-08-07 | 2023-11-07 |
| CVE-2018-11760 | When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user ru... | 5.5 - MEDIUM | 2019-02-04 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Spark | 3.1.1 | - | All | All |
| Application | Apache | Spark | 3.0.1 | All | All | All |
| Application | Apache | Spark | 3.0.0 | - | All | All |
| Application | Apache | Spark | 3.0.0 | rc1 | All | All |
| Application | Apache | Spark | 3.0.0 | rc2 | All | All |
| Application | Apache | Spark | 3.0.0 | rc3 | All | All |
| Application | Apache | Spark | 2.4.6 | - | All | All |
| Application | Apache | Spark | 2.4.6 | rc1 | All | All |
| Application | Apache | Spark | 2.4.6 | rc2 | All | All |
| Application | Apache | Spark | 2.4.6 | rc3 | All | All |
| Application | Apache | Spark | 2.4.6 | rc4 | All | All |
| Application | Apache | Spark | 2.4.6 | rc5 | All | All |
| Application | Apache | Spark | 2.4.6 | rc6 | All | All |
| Application | Apache | Spark | 2.4.6 | rc7 | All | All |
| Application | Apache | Spark | 2.4.6 | rc8 | All | All |
| Application | Apache | Spark | 2.4.5 | - | All | All |
| Application | Apache | Spark | 2.4.5 | rc1 | All | All |
| Application | Apache | Spark | 2.4.5 | rc2 | All | All |
| Application | Apache | Spark | 2.4.4 | - | All | All |
| Application | Apache | Spark | 2.4.4 | rc1 | All | All |