forked from docs/doc-exports
Su, Xiaomeng
3a07c40729
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com> Co-authored-by: Su, Xiaomeng <suxiaomeng1@huawei.com> Co-committed-by: Su, Xiaomeng <suxiaomeng1@huawei.com>
1019 B
1019 B
Is DLI Affected by the Apache Spark Command Injection Vulnerability (CVE-2022-33891)?
No.
The spark.acls.enable configuration item is not used in DLI. The Apache Spark command injection vulnerability (CVE-2022-33891) does not exist in DLI.
This vulnerability mainly affects data security by allowing the execution of commands with arbitrary usernames when ACL is enabled.
DLI was designed with data security and isolation in mind, and therefore, the relevant configuration items are not enabled, so it is not affected by this vulnerability.
Parent topic: DLI Basics