Status
Fixed version
3.5.4-r31Status
Impact
This vulnerability relates to 'netty-codec-http2', which is used by one of spark's other dependencies - pyspark. This has been fixed in netty > v4.1.100, and spark has upgraded to a later version in main. However, attempts to backport to this release of spark, result in build failures. Awaiting for fix / backport from upstream to address this issue.
Status