Help Center/ Data Lake Insight/ FAQs/ DLI Basics/ Is DLI Affected by the Apache Spark Command Injection Vulnerability (CVE-2022-33891)?

Updated on 2024-11-15 GMT+08:00

View PDF

Is DLI Affected by the Apache Spark Command Injection Vulnerability (CVE-2022-33891)?

No.

The spark.acls.enable configuration item is not used in DLI. The Apache Spark command injection vulnerability (CVE-2022-33891) does not exist in DLI.

This vulnerability mainly affects data security by allowing the execution of commands with arbitrary usernames when ACL is enabled.

DLI was designed with data security and isolation in mind, and therefore, the relevant configuration items are not enabled, so it is not affected by this vulnerability.

Parent topic: DLI Basics

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot