Apache · Apache Spark · CVE-2018-1334
**Name of the Vulnerable Software and Affected Versions**
Apache Spark versions 1.0.0 through 2.1.2
Apache Spark versions 2.2.0 through 2.2.1
Apache Spark version 2.3.0
**Description**
The issue allows a different local user to connect to the Spark application and impersonate the user running the application when using PySpark or SparkR.
**Recommendations**
For Apache Spark versions 1.0.0 through 2.1.2, update to a version outside of this range to resolve the issue.
For Apache Spark versions 2.2.0 through 2.2.1, update to a version outside of this range to resolve the issue.
For Apache Spark version 2.3.0, update to a version later than 2.3.0 to resolve the issue.