Question 1

What is CVE-2022-33891 — Apache Spark Command Injection Vulnerability?

Accepted Answer

Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.

Question 2

What is the authoritative source for CVE-2022-33891?

Accepted Answer

Apache Spark Command Injection Vulnerability (CVE-2022-33891) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVE-2022-33891Apache Spark Command Injection Vulnerability

Description

Scoring

CISA KEV entry

(incoming)1

Related by meaning· 6