mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-15 15:58:01 +02:00
0xMarcio
1.1 KiB
1.1 KiB
CVE-2018-9159
Description
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
POC
Reference
No PoCs from references.
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AmiraliSajadi/iris-fork
- https://github.com/Liby99/cwe-bench-java
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/iris-sast/cwe-bench-java
- https://github.com/iris-sast/iris
- https://github.com/shoucheng3/perwendel__spark_CVE-2018-9159_2-7-1
- https://github.com/shoucheng3/perwendel__spark_CVE-2018-9159_2_7_2_fixed