Orangetwo

#17789 of 53,638
15.1 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2018-18896
5.3
2018-03-31
Apache · Apache Spark · CVE-2018-9159
**Name of the Vulnerable Software and Affected Versions** Apache Spark versions prior to 2.7.2

**Description** A remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences.

**Recommendations** For versions prior to 2.7.2, update to version 2.7.2 or later to resolve the issue.
PT-2018-18428
9.8
2018-03-14
Pyeve · Eve · CVE-2018-8097
Name of the Vulnerable Software and Affected Versions: Eve (aka pyeve) versions prior to 0.7.5

Description: The issue allows remote attackers to execute arbitrary code via Code Injection in the `where` parameter. This is related to the `io/mongo/parser.py` file in Eve.

Recommendations: For versions prior to 0.7.5, update to version 0.7.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `where` parameter in the affected API endpoint until the issue is resolved.