CVE-2018-11804

Опубликовано: 24 окт. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build. Note that this issue does not affect end users of Spark, only developers building Spark from source code.

Ссылки

http://www.securityfocus.com/bid/105756
Broken Link
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d%40%3Cdev.spark.apache.org%3E
Mailing List
Third Party Advisory
https://spark.apache.org/security.html#CVE-2018-11804
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/105756
Broken Link
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/2b11aa4201e36f2ec8f728e722fe33758410f07784379cbefd0bda9d%40%3Cdev.spark.apache.org%3E
Mailing List
Third Party Advisory
https://spark.apache.org/security.html#CVE-2018-11804
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*

Версия от 1.3.0 (включая) до 2.2.3 (исключая)

cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*

Версия от 2.3.0 (включая) до 2.3.3 (исключая)

EPSS

Процентиль: 72%

0.00716

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2018-11804

CVSS3: 7.5

debian

больше 7 лет назад

Spark's Apache Maven-based build includes a convenience script, 'build ...

GHSA-62g2-m955-v383

CVSS3: 7.5

github

больше 3 лет назад

Improper Input Validation in Apache Spark

EPSS

Процентиль: 72%

0.00716

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo