Re: CVE-2018-8024 Apache Spark XSS vulnerability in UI

2018-07-17 Thread Sandeep Katta
I was going through this and the CVE-2018-1334 vulnerabilities. As per the mitigation plan, it is advised to upgrade to 2.2.2 and 2.3.1, but from the release notes I don’t find any reference against these vulnerabilities. Can someone please provide me the JIRA ID against which these issues are fixed? Regards San

CVE-2018-8024 Apache Spark XSS vulnerability in UI

2018-07-11 Thread Sean Owen
Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected:
Spark versions through 2.1.2
Spark 2.2.0 through 2.2.1
Spark 2.3.0

Description: In Apache Spark up to and including 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spa