—

PYSEC-2019-169

상세

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / pyspark

최초 영향 버전: 2.3.0 수정 버전: 2.3.2

수정 pip install --upgrade 'pyspark>=2.2.3'

참고

https://lists.apache.org/thread.html/a86ee93d07b6f61b82b61a28049aed311f5cc9420d26cc95f1a9de7b@%3Cuser.spark.apache.org%3E [WEB]
http://www.securityfocus.com/bid/106786 [WEB]
https://lists.apache.org/thread.html/6d015e56b3a3da968f86e0b6acc69f17ecc16b499389e12d8255bf6e@%3Ccommits.spark.apache.org%3E [WEB]
https://github.com/advisories/GHSA-fvxv-9xxr-h7wj [ADVISORY]