漏洞描述
Apache Spark shell存在命令注入漏洞。该漏洞是由于启用ACL时,应用程序对请求数据验证不足导致的。
Apache Spark shell doAs 命令注入漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2018-8024: Apache Spark UI - Cross-Site Scripting
- POC CVE-2022-33891: Apache Spark UI - Remote Command Injection
- POC CVE-2022-33891: Apache Spark UI - Remote Command Injection
- POC CVE-2023-32007: Apache Spark远程代码执行漏洞
- POC CVE-2020-9480: Apache Spark - Authentication Bypass
- POC apachespark-ui-exposed: Apache Spark Application UI - Exposed
- Apache Spark-未授权命令执行(CVE-2022-33891)
- Apache Spark-未授权命令执行