Affecting org.apache.spark:spark-core artifact, versions [,2.3.3)
org.apache.spark:spark-core is a cluster computing system for Big Data.
Affected versions of this package are vulnerable to Information Exposure.
In certain situations Spark would write user data to local disk unencrypted, even if
spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by
spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.
org.apache.spark:spark-core to version 2.3.3 or higher.