CVE-2022-33891

Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled. Vendor/Product: Apache Spark. Added to CISA KEV 2023-03-07; required action: Apply updates per vendor instructions.