[ https://issues.apache.org/jira/browse/SPARK-52122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Weichen Xu reassigned SPARK-52122:
----------------------------------

    Assignee: Weichen Xu

> Fix DefaultParamsReader RCE vulnerability
> -----------------------------------------
>
>                 Key: SPARK-52122
>                 URL: https://issues.apache.org/jira/browse/SPARK-52122
>             Project: Spark
>          Issue Type: Sub-task
>          Components: Connect, ML
>    Affects Versions: 4.1.0
>            Reporter: Weichen Xu
>            Assignee: Weichen Xu
>            Priority: Major
>
> Fix DefaultParamsReader RCE vulnerability:
> The metadata loading
> [https://github.com/apache/spark/blob/18aebd8eb86b554e7aab38baca1e5de24df19a57/mllib/src/main/scala/org/apache/spark/ml/util/ReadWrite.scala#L565]
> does not verify the class,
> and then the reflection invocation
> [https://github.com/apache/spark/blob/18aebd8eb86b554e7aab38baca1e5de24df19a57/mllib/src/main/scala/org/apache/spark/ml/util/ReadWrite.scala#L568]
> will trigger arbitrary code execution if a malicious class name is written to
> a designed metadata file.
>
> This becomes a security vulnerability because the code is executed in the Spark
> driver, which might be run with ROOT permission.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
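The defensive shape the issue asks for, as an added example that is not Spark's DefaultParamsReader and not the fix applied for SPARK-52122: the class name read from a metadata file is checked against an explicit allowlist before any reflective use. The object name, the allowlist contents (JDK classes standing in for a reader's known model classes) and the metadata records are constructed for this illustration.

```scala
import scala.util.{Failure, Success, Try}

// Added example, not Spark's own code. It validates the class name found in
// metadata BEFORE the reflective load, which is the gap the issue describes.
object GuardedMetadataReader {

  // Constructed allowlist. A real reader would list the Params classes it is
  // able to instantiate; JDK classes are used here so the example runs without
  // Spark on the classpath.
  val allowedClasses: Set[String] = Set(
    "java.util.ArrayList",
    "java.util.HashMap"
  )

  final case class UntrustedClassName(name: String)
    extends RuntimeException(s"metadata names class '$name', which is not in the allowlist")

  /** Reject the name unless it is explicitly permitted. No reflection happens here. */
  def checkClassName(name: String): Either[UntrustedClassName, String] =
    if (allowedClasses.contains(name)) Right(name) else Left(UntrustedClassName(name))

  /** Class.forName(String) initializes the class, so its static initializers
    * run at load time. The load itself, not only the later constructor call,
    * therefore has to sit behind the check. */
  def loadClass(name: String): Try[Class[_]] =
    checkClassName(name) match {
      case Left(err)      => Failure(err)
      case Right(checked) => Try(Class.forName(checked))
    }

  /** Instantiate through the no-arg constructor, again only after the check. */
  def instantiate(name: String): Try[AnyRef] =
    loadClass(name).flatMap { cls =>
      Try(cls.getDeclaredConstructor().newInstance().asInstanceOf[AnyRef])
    }

  def main(args: Array[String]): Unit = {
    // Constructed metadata records: one legitimate, one with a name an
    // attacker could have written into a crafted metadata file.
    val metadata: Seq[Map[String, String]] = Seq(
      Map("class" -> "java.util.ArrayList", "uid" -> "model_1"),
      Map("class" -> "com.example.Evil",    "uid" -> "model_2")
    )
    metadata.foreach { m =>
      instantiate(m("class")) match {
        case Success(obj) => println(s"${m("uid")}: loaded ${obj.getClass.getName}")
        case Failure(e)   => println(s"${m("uid")}: rejected (${e.getMessage})")
      }
    }
  }
}
```

The allowlist is one way to "verify the class"; another is to load the class and then require that it is the class (or a subtype of the class) the caller expected. Whichever is used, the check must come before `Class.forName` and not only before `newInstance`, because loading an untrusted class already executes its static initializer in the driver process, which is the privilege boundary the issue is concerned with.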