Is DLI Affected by the Apache Spark Command Injection Vulnerability (CVE-2022-33891)?
No.
The spark.acls.enable configuration item is not used in DLI. The Apache Spark command injection vulnerability (CVE-2022-33891) does not exist in DLI.
This vulnerability mainly affects data security by allowing the execution of commands with arbitrary usernames when ACL is enabled.
DLI was designed with data security and isolation in mind, and therefore, the relevant configuration items are not enabled, so it is not affected by this vulnerability.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
 
    