Known Vulnerabilities for Spark by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Spark" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-6213 | A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypass the local connection check and a... | Not Provided | 2026-05-08 | 2026-05-08 |
| CVE-2026-1743 | A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is ... | Not Provided | 2026-02-02 | 2026-02-23 |
| CVE-2025-50030 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sparklewpthemes Spark M... | Not Provided | 2025-06-20 | 2026-04-23 |
| CVE-2025-32670 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Parnell Spark GF F... | Not Provided | 2025-04-17 | 2026-04-23 |
| CVE-2023-32007 | ** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.... | 8.8 - HIGH | 2023-05-02 | 2023-05-10 |
| CVE-2023-22946 | In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privi... | 9.9 - CRITICAL | 2023-04-17 | 2023-04-26 |
| CVE-2022-33891 | The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authenticat... | 8.8 - HIGH | 2022-07-18 | 2023-08-02 |
| CVE-2022-31777 | A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to ex... | 5.4 - MEDIUM | 2022-11-01 | 2022-11-29 |
| CVE-2021-38296 | Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". I... | 7.5 - HIGH | 2022-03-10 | 2023-02-09 |
| CVE-2020-27223 | In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing ... | 5.3 - MEDIUM | 2021-02-26 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Spark | 3.1.1 | | | |
| Application | Apache | Spark | 3.0.1 | | | |
| Application | Apache | Spark | 3.0.0 | | | |
| Application | Apache | Spark | 3.0.0 | | | |
| Application | Apache | Spark | 3.0.0 | | | |
| Application | Apache | Spark | 3.0.0 | | | |
| Application | Apache | Spark | 2.4.6 | | | |
| Application | Apache | Spark | 2.4.6 | | | |
| Application | Apache | Spark | 2.4.6 | | | |
| Application | Apache | Spark | 2.4.6 | | | |
| Application | Apache | Spark | 2.4.6 | | | |
| Application | Apache | Spark | 2.4.6 | | | |
| Application | Apache | Spark | 2.4.6 | | | |
| Application | Apache | Spark | 2.4.6 | | | |
| Application | Apache | Spark | 2.4.6 | | | |
| Application | Apache | Spark | 2.4.5 | | | |
| Application | Apache | Spark | 2.4.5 | | | |
| Application | Apache | Spark | 2.4.5 | | | |
| Application | Apache | Spark | 2.4.4 | | | |
| Application | Apache | Spark | 2.4.4 |