Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-10099

Опубликовано: 07 авг. 2019
Источник: debian
EPSS Низкий

Описание

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
apache-sparkitppackage

EPSS

Процентиль: 67%
0.00542
Низкий

Связанные уязвимости

nvd логотип

CVE-2019-10099

CVSS3: 7.5
nvd
больше 6 лет назад

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.

github логотип

GHSA-fp5j-3fpf-mhj5

CVSS3: 7.5
github
больше 6 лет назад

Sensitive data written to disk unencrypted in Spark

EPSS

Процентиль: 67%
0.00542
Низкий