CVE-2018-9159

Name: CVE-2018-9159
Creator: NVD / NIST
Published: 2018-03-31T21:29:00.373+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.60%

Last modified Jun 17, 2026

CVE-2018-9159 is a vulnerability of currently unknown severity. In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.. EPSS estimates a 4.60% chance of exploitation in the next 30 days.

Description

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.

Metrics

EPSS Probability

4.60%

90.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions
Sparkjava	Spark	< 2.7.2

References

http://sparkjava.com/news#spark-272-releasedVendor Advisory
https://access.redhat.com/errata/RHSA-2018:2020Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2405Third Party Advisory
https://github.com/perwendel/spark/commit/030e9d00125cbd1ad759668f85488aba1019c668Patch, Third Party Advisory
https://github.com/perwendel/spark/commit/a221a864db28eb736d36041df2fa6eb8839fc5cdPatch, Third Party Advisory
https://github.com/perwendel/spark/commit/ce9e11517eca69e58ed4378d1e47a02bd06863ccPatch, Third Party Advisory
https://github.com/perwendel/spark/issues/981Issue Tracking, Third Party Advisory
http://sparkjava.com/news#spark-272-releasedVendor Advisory
https://access.redhat.com/errata/RHSA-2018:2020Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2405Third Party Advisory
https://github.com/perwendel/spark/commit/030e9d00125cbd1ad759668f85488aba1019c668Patch, Third Party Advisory
https://github.com/perwendel/spark/commit/a221a864db28eb736d36041df2fa6eb8839fc5cdPatch, Third Party Advisory
https://github.com/perwendel/spark/commit/ce9e11517eca69e58ed4378d1e47a02bd06863ccPatch, Third Party Advisory
https://github.com/perwendel/spark/issues/981Issue Tracking, Third Party Advisory

Timeline

Published: Mar 31, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-9159?

How severe is CVE-2018-9159?

Severity scoring for CVE-2018-9159 is pending analysis. The EPSS model estimates a 4.60% probability of exploitation in the next 30 days.

How do I fix CVE-2018-9159?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-9159?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST