{"id":"CVE-2019-10099","details":"Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.","aliases":["GHSA-fp5j-3fpf-mhj5","PYSEC-2019-114"],"modified":"2026-04-10T04:11:44.998865Z","published":"2019-08-07T17:15:12.073Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae%40%3Ccommits.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2%40%3Cissues.spark.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e%40%3Cuser.spark.apache.org%3E"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/spark","events":[{"introduced":"8fb6f00e195fb258f3f70f04756e07c259a2351f"},{"last_affected":"1e860747458d74a4ccbd081103a0542a2367b14b"},{"introduced":"13650fc58e1fcf2cf2a26ba11c819185ae1acc1f"},{"last_affected":"584354eaac02531c9584188b143367ba694b0c34"},{"introduced":"cd0a08361e2526519e7c131c42116bf56fa62c76"},{"last_affected":"b7eac07b957b9fdb8ecb318a2c6c9f8b354a2ee3"},{"introduced":"a2c7b2133cfee7fa9abfaa2bfbfb637155466783"},{"last_affected":"fc28ba3db7185e84b6dbd02ad8ef8f1d06b9e3c6"},{"introduced":"992447fb30ee9ebb3cf794f2d06f4d63a2d792db"},{"fixed":"02b510728c31b70e6035ad541bfcdc2b59dcd79a"}],"database_specific":{"versions":[{"introduced":"1.0.2"},{"last_affected":"1.6.3"},{"introduced":"2.0.0"},{"last_affected":"2.0.2"},{"introduced":"2.1.0"},{"last_affected":"2.1.3"},{"introduced":"2.2.0"},{"last_affected":"2.2.2"},{"introduced":"2.3.0"},{"fixed":"2.3.2"}]}}],"versions":["v2.0.0","v2.0.1","v2.0.2","v2.1.0","v2.1.1","v2.1.2","v2.1.2-rc1","v2.1.2-rc2","v2.1.2-rc3","v2.1.2-rc4","v2.1.3","v2.1.3-rc1","v2.1.3-rc2","v2.2.0","v2.2.1","v2.2.1-rc1","v2.2.1-rc2","v2.2.2","v2.2.2-rc1","v2.2.2-rc2","v2.3.0","v2.3.1","v2.3.1-rc1","v2.3.1-rc2","v2.3.1-rc3","v2.3.1-rc4","v2.3.2-rc1","v2.3.2-rc2","v2.3.2-rc3","v2.3.2-rc4","v2.3.2-rc5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10099.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}