User Impersonation Affecting pyspark package, versions [,2.2.3) [2.3.0, 2.3.2)


0.0
medium

Snyk CVSS

    Attack Complexity High

    Threat Intelligence

    EPSS 0.04% (6th percentile)
Expand this section
NVD
5.5 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-PYSPARK-73649
  • published 4 Feb 2019
  • disclosed 4 Feb 2019
  • credit Luca Canali, Jose Carlos Luna Duran

How to fix?

Upgrade pyspark to version 2.2.3, 2.3.2 or higher.

Overview

pyspark is a fast and general cluster computing system for Big Data.

Affected versions of this package are vulnerable to User Impersonation. It is possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.