{"id":"PYSEC-2019-169","details":"When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.","aliases":["CVE-2018-11760","GHSA-fvxv-9xxr-h7wj"],"modified":"2023-11-08T03:59:46.761283Z","published":"2019-02-04T17:29:00Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b@%3Cuser.spark.apache.org%3E"},{"type":"WEB","url":"http://www.securityfocus.com/bid/106786"},{"type":"WEB","url":"https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e@%3Ccommits.spark.apache.org%3E"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-fvxv-9xxr-h7wj"}],"affected":[{"package":{"name":"pyspark","ecosystem":"PyPI","purl":"pkg:pypi/pyspark"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.3.0"},{"fixed":"2.3.2"},{"introduced":"1.0.2"},{"fixed":"2.2.3"}]}],"versions":["2.1.1","2.1.2","2.1.3","2.2.0","2.2.1","2.2.2","2.3.0","2.3.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pyspark/PYSEC-2019-169.yaml"}}],"schema_version":"1.7.3"}