CVE-2022-33891 ACLs can be enabled via the configuration option spark.acls.enable. An authentication filter checks whether a user has access permissions to the application.
There is no known way to exploit this vulnerability if Apache Spark is installed with a different user name than the one configured on the
CVE-2022-33980 The Apache Commons Configuration module performs variable interpolation, expanding properties.
or a later version. Apache Commons Configuration supports interpolation of various data types, such as date and number formats. The format for interpolation of date
CVE-2022-32532 - How Misconfigured Regex Can Let Hackers Bypass Authorization in Apache Shiro (Before 1.9.1)
Apache Shiro is a popular security framework for Java, commonly used to handle authentication and authorization in web applications. In 2022, the project disclosed a
CVE-2022-32999 The cloudlabeling package was discovered to contain a code execution backdoor.
The cloudlabeling package is the most commonly used software package management tool in the Python ecosystem and actively maintained by the Python community. PyPI is
CVE-2022-34305 Tomcat versions 10.1.0 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 do not filter user-provided data, which exposes an XSS vulnerability.
This has been fixed in these versions. Apache Tomcat 9.0.0-M1, 8.5.0-8, 8.0.18, 7.x versions and earlier are vulnerable.