Affecting org.apache.spark:spark-core artifact, versions [1.3.0, 2.4.0-rc4)
org.apache.spark:spark-core is a cluster computing system for Big Data.
Affected versions of this package are vulnerable to Information Exposure.
A specially-crafted request to the
zinc server could cause it to reveal information in files readable to the developer account running the build.
Note This vulnerability only affects developers building Spark from source code, and does not affect Spark end users.
Upgrade org.apache.spark:spark-core to version 2.4.0-rc4 or higher.