CVE 2019-10099

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.

See the CVE page on for more details.