← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-33891 — Actively Exploited: Spark (Apache)

Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.

CVE IDCVE-2022-33891
VendorApache
ProductSpark
Vulnerability nameApache Spark Command Injection Vulnerability
Date added2023-03-07
Remediation due2023-03-28
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionApache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →