| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| apache-airflow-providers-apache-spark | pip | < 4.1.3 | 4.1.3 |
The vulnerability stems from misconfiguration risk rather than from a specific code flaw. The referenced commit (6850b5c) only adds a documentation warning about trusting the host setting in Spark connections, which indicates that the core issue is improper access control over Spark hook configuration (CWE-829) combined with potential deserialization risk (CWE-502) when connecting to an untrusted server. The patch contains no code changes, and the advisory does not identify specific functions that handle deserialization or server communication. The vulnerability is exposed through the ability to configure connection parameters (such as host) rather than through a particular function with insecure deserialization logic. Without explicit code examples or function-level patches, we cannot confidently pinpoint vulnerable functions.