Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-08-07 17:15
Updated : 2024-02-28 17:08
NVD link : CVE-2019-10099
Mitre link : CVE-2019-10099
CVE.ORG link : CVE-2019-10099
JSON object : View
Products Affected
apache
- spark
CWE
CWE-312
Cleartext Storage of Sensitive Information