CVE-2019-10099

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.
Configurations

Configuration 1

cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*

Information

Published : 2019-08-07 05:15

Updated : 2022-04-22 08:11


NVD link : CVE-2019-10099

Mitre link : CVE-2019-10099

Products Affected
No products.
CWE
CWE-312

Cleartext Storage of Sensitive Information