Apache Spark configured with spark.acls.enable set to true is vulnerable to remote code execution via the doAs parameter.
This TTP attempts to access the doAs parameter; if that succeeds, it then attempts to run a shell command.
This exploit is very easy to use, reliable, and affects many Apache Spark versions.
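To check whether a deployment meets the precondition named above, the following added example (not part of the original page or of Apache Spark) reads a properties-style `spark-defaults.conf` and any `--conf`/`-c` launch arguments and reports the effective value of spark.acls.enable. The sample file, host name, argument list and function names are constructed for illustration, and the parser is a simplification that ignores line continuations and escapes.

```python
import re

# Constructed sample inputs (not from a real deployment).
SAMPLE_CONF = """\
# cluster defaults
spark.master            spark://master.example.internal:7077
spark.ui.enabled=true
spark.acls.enable : TRUE
! legacy comment style
spark.eventLog.enabled  false
"""
SAMPLE_ARGV = ["spark-submit", "--conf", "spark.acls.enable=false", "app.py"]

KEY = "spark.acls.enable"
# Key, optional '=' or ':' separator (or just whitespace), then the value.
_LINE = re.compile(r"^([^\s=:]+)\s*[=:]?\s*(.*)$")


def parse_spark_conf(text):
    """Parse properties-style text; later entries win.
    Simplified: no line continuations or backslash escapes."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        match = _LINE.match(line)
        if match:
            props[match.group(1)] = match.group(2)
    return props


def apply_submit_overrides(props, argv):
    """Overlay `--conf k=v` / `-c k=v` launch arguments, which override the file."""
    merged = dict(props)
    for flag, pair in zip(argv, argv[1:]):
        if flag in ("--conf", "-c") and "=" in pair:
            key, value = pair.split("=", 1)
            merged[key.strip()] = value.strip()
    return merged


def acls_enabled(props):
    """True when spark.acls.enable is on; an unset key counts as false."""
    return props.get(KEY, "false").strip().lower() == "true"


if __name__ == "__main__":
    file_props = parse_spark_conf(SAMPLE_CONF)
    print("file:", acls_enabled(file_props))
    print("effective:", acls_enabled(apply_submit_overrides(file_props, SAMPLE_ARGV)))
```

Checking the launch arguments as well as the file matters because a job can turn the setting on even when the defaults file leaves it off.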