AbsaOSS / spline-spark-agent

Spline agent for Apache Spark
https://absaoss.github.io/spline/
Apache License 2.0
175 stars 90 forks

[Snyk] Security upgrade org.apache.spark:spark-sql_2.12 from 2.4.8 to 3.5.0 #796

Closed wajda closed 3 months ago

wajda commented 3 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - pom.xml

#### Vulnerabilities that will be fixed

##### With an upgrade:

| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity | Reachability |
|:---:|---|:---|:---|:---|:---|:---|
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1009829) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1047324) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **560/1000** **Why?** Has a fix available, CVSS 8.2 | XML External Entity (XXE) Injection [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **555/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **555/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **630/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **630/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **630/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **630/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **630/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **630/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **630/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **555/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **525/1000** **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) [SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| Medium | **520/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.9 | Denial of Service (DoS) [SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| Medium | **520/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.9 | Denial of Service (DoS) [SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| Medium | **415/1000** **Why?** Has a fix available, CVSS 5.3 | Denial of Service (DoS) [SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **630/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **555/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **555/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| Medium | **520/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.9 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **705/1000** **Why?** Mature exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Mature | No Path Found |
| High | **555/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **555/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **555/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **555/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **630/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-548451) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **630/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-559094) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **630/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560762) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-560766) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561362) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561373) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **630/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561585) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561586) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-561587) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564887) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-564888) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-570625) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572300) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572314) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **563/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-572316) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **555/1000** **Why?** Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **630/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Deserialization of Untrusted Data [SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-608664) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| High | **590/1000** **Why?** Has a fix available, CVSS 8.8 | Integer Overflow [SNYK-JAVA-COMGOOGLEPROTOBUF-173761](https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-173761) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **525/1000** **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) [SNYK-JAVA-COMGOOGLEPROTOBUF-2331703](https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-2331703) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| Medium | **435/1000** **Why?** Has a fix available, CVSS 5.7 | Denial of Service (DoS) [SNYK-JAVA-COMGOOGLEPROTOBUF-3040284](https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040284) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **525/1000** **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) [SNYK-JAVA-COMGOOGLEPROTOBUF-3167772](https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3167772) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| Low | **335/1000** **Why?** Has a fix available, CVSS 3.7 | Information Exposure [SNYK-JAVA-COMMONSCODEC-561518](https://snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **525/1000** **Why?** Has a fix available, CVSS 7.5 | Arbitrary Command Execution [SNYK-JAVA-ORGAPACHESPARK-2432301](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESPARK-2432301) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **740/1000** **Why?** Mature exploit, Has a fix available, CVSS 8.8 | Command Injection [SNYK-JAVA-ORGAPACHESPARK-2774680](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESPARK-2774680) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Mature | No Path Found |
| Medium | **420/1000** **Why?** Has a fix available, CVSS 5.4 | Cross-site Scripting (XSS) [SNYK-JAVA-ORGAPACHESPARK-3097693](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESPARK-3097693) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **520/1000** **Why?** Has a fix available, CVSS 7.4 | Improper Privilege Management [SNYK-JAVA-ORGAPACHESPARK-5425123](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESPARK-5425123) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **665/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.8 | Command Injection [SNYK-JAVA-ORGAPACHESPARK-5496635](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHESPARK-5496635) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | Proof of Concept | No Path Found |
| Critical | **640/1000** **Why?** Has a fix available, CVSS 9.8 | Improper Input Validation [SNYK-JAVA-ORGCODEHAUSJACKSON-3326362](https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJACKSON-3326362) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |
| High | **525/1000** **Why?** Has a fix available, CVSS 7.5 | XML External Entity (XXE) Injection [SNYK-JAVA-ORGCODEHAUSJACKSON-534878](https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJACKSON-534878) | `org.apache.spark:spark-sql_2.12:` `2.4.8 -> 3.5.0` | Yes | No Known Exploit | No Path Found |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/wajda/project/1f1d180b-08db-45d0-bc58-4394bc71392b?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/wajda/project/1f1d180b-08db-45d0-bc58-4394bc71392b?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Deserialization of Untrusted Data](https://learn.snyk.io/lesson/insecure-deserialization/?loc=fix-pr)

🦉 [XML External Entity (XXE) Injection](https://learn.snyk.io/lesson/xxe/?loc=fix-pr)

🦉 [Denial of Service (DoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)

🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io/?loc=fix-pr)

sonarcloud[bot] commented 3 months ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud