CVE-2018-1334

CVE-2018-1334 is a unknown vulnerability published on July 12, 2018. In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.

CVE-2018-1334 was first published in the National Vulnerability Database on July 12, 2018, with the most recent update on November 21, 2024. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2018-1334, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.