Apache · Apache Spark · CVE-2016-9177
**Name of the Vulnerable Software and Affected Versions**
Apache Spark version 2.5
**Description**
A directory traversal issue allows remote attackers to read arbitrary files by including a .. (dot dot) in the URI.
**Recommendations**
For Apache Spark version 2.5, consider restricting access to sensitive files and directories as a temporary workaround until a patch is available.