Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/182397?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/182397?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.1.0-beta", "type": "maven", "namespace": "org.apache.hadoop", "name": "hadoop-main", "version": "2.1.0-beta", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.10.2", "latest_non_vulnerable_version": "3.3.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40672?format=api", "vulnerability_id": "VCID-66vn-51hs-kudx", "summary": "Information Exposure\nIn Apache Hadoop, HDFS exposes extended attribute key/value pairs during `listXAttrs`, verifying only path-level search access to the directory rather than path-level read permission to the referent.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1296.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1296.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00574", "scoring_system": "epss", "scoring_elements": "0.69144", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00574", "scoring_system": "epss", "scoring_elements": "0.69104", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1296" }, { "reference_url": "https://github.com/advisories/GHSA-v569-g72v-q434", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v569-g72v-q434" }, { "reference_url": "https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E" }, { "reference_url": "http://www.securityfocus.com/bid/106764", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/106764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671291", "reference_id": "1671291", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671291" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1296", "reference_id": "CVE-2018-1296", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1296" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57227?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.7.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-371e-cg9e-tydr" }, { "vulnerability": "VCID-5cvy-3bve-xkg7" }, { "vulnerability": "VCID-7y7d-vb5r-qfgs" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-gb78-rqjr-67ft" }, { "vulnerability": "VCID-h4py-1vy2-8uhg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.7.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/57420?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-371e-cg9e-tydr" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-gb78-rqjr-67ft" }, { "vulnerability": "VCID-h4py-1vy2-8uhg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/57421?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-371e-cg9e-tydr" }, { "vulnerability": "VCID-5cvy-3bve-xkg7" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-gb78-rqjr-67ft" }, { "vulnerability": "VCID-h4py-1vy2-8uhg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/57422?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cvy-3bve-xkg7" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-gb78-rqjr-67ft" }, { "vulnerability": "VCID-h4py-1vy2-8uhg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.0.1" } ], "aliases": [ "CVE-2018-1296", "GHSA-v569-g72v-q434" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66vn-51hs-kudx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102078?format=api", "vulnerability_id": "VCID-815s-stdq-zkd7", "summary": "hadoop: Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25168.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.8686", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86837", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25168" }, { "reference_url": "https://github.com/apache/hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop" }, { "reference_url": "https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746" }, { "reference_url": "https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25168", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25168" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220915-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220915-0007/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119084", "reference_id": "2119084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119084" }, { "reference_url": "https://github.com/advisories/GHSA-8wm5-8h9c-47pc", "reference_id": "GHSA-8wm5-8h9c-47pc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8wm5-8h9c-47pc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/504187?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.10.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/504188?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@3.2.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/504189?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-z97m-zrtk-7qcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.3.3" } ], "aliases": [ "CVE-2022-25168", "GHSA-8wm5-8h9c-47pc" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-815s-stdq-zkd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42300?format=api", "vulnerability_id": "VCID-h4py-1vy2-8uhg", "summary": "Incorrect Authorization\nIn Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9492.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9492.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28957", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28886", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9492" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop" }, { "reference_url": "https://github.com/apache/hadoop/commit/ca65409836d2949e9a9408d40bec0177b414cd5d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/ca65409836d2949e9a9408d40bec0177b414cd5d" }, { "reference_url": "https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210304-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210304-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210304-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210304-0001/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925237", "reference_id": "1925237", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925237" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9492", "reference_id": "CVE-2020-9492", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9492" }, { "reference_url": "https://github.com/advisories/GHSA-f8vc-wfc8-hxqh", "reference_id": "GHSA-f8vc-wfc8-hxqh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f8vc-wfc8-hxqh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5606", "reference_id": "RHSA-2022:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6407", "reference_id": "RHSA-2022:6407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79600?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/79601?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@3.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/79602?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.2.2" } ], "aliases": [ "CVE-2020-9492", "GHSA-f8vc-wfc8-hxqh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4py-1vy2-8uhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39317?format=api", "vulnerability_id": "VCID-ryz9-55qq-cyd9", "summary": "Information Exposure\nVulnerability in Apache Hadoop allows a cluster user to expose private files owned by the user running the `MapReduce` job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the `MapReduce` job history server host.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40881", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40958", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15713" }, { "reference_url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15713", "reference_id": "CVE-2017-15713", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15713" }, { "reference_url": "https://github.com/advisories/GHSA-3v44-382q-55f4", "reference_id": "GHSA-3v44-382q-55f4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3v44-382q-55f4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54938?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-371e-cg9e-tydr" }, { "vulnerability": "VCID-5cvy-3bve-xkg7" }, { "vulnerability": "VCID-66vn-51hs-kudx" }, { "vulnerability": "VCID-7y7d-vb5r-qfgs" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-gb78-rqjr-67ft" }, { "vulnerability": "VCID-h4py-1vy2-8uhg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/57231?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-371e-cg9e-tydr" }, { "vulnerability": "VCID-5cvy-3bve-xkg7" }, { "vulnerability": "VCID-66vn-51hs-kudx" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-gb78-rqjr-67ft" }, { "vulnerability": "VCID-h4py-1vy2-8uhg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.3" } ], "aliases": [ "CVE-2017-15713", "GHSA-3v44-382q-55f4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryz9-55qq-cyd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40552?format=api", "vulnerability_id": "VCID-zpwc-yx94-k3b8", "summary": "Incorrect Permission Assignment for Critical Resource\nIn Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.4391", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00214", "scoring_system": "epss", "scoring_elements": "0.4398", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3166" }, { "reference_url": "https://lists.apache.org/thread.html/2e16689b44bdd1976b6368c143a4017fc7159d1f2d02a5d54fe9310f@%3Cgeneral.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/2e16689b44bdd1976b6368c143a4017fc7159d1f2d02a5d54fe9310f@%3Cgeneral.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3166", "reference_id": "CVE-2017-3166", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3166" }, { "reference_url": "https://github.com/advisories/GHSA-99qr-9cc9-fv2x", "reference_id": "GHSA-99qr-9cc9-fv2x", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-99qr-9cc9-fv2x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54936?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cvy-3bve-xkg7" }, { "vulnerability": "VCID-66vn-51hs-kudx" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-db4t-grfx-eqc6" }, { "vulnerability": "VCID-gb78-rqjr-67ft" }, { "vulnerability": "VCID-h4py-1vy2-8uhg" }, { "vulnerability": "VCID-ryz9-55qq-cyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.7.3" } ], "aliases": [ "CVE-2017-3166", "GHSA-99qr-9cc9-fv2x" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zpwc-yx94-k3b8" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51876?format=api", "vulnerability_id": "VCID-gb78-rqjr-67ft", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nIn Apache Hadoop, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11768.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01294", "scoring_system": "epss", "scoring_elements": "0.80023", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01294", "scoring_system": "epss", "scoring_elements": "0.80049", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11768" }, { "reference_url": "https://hadoop.apache.org/cve_list.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hadoop.apache.org/cve_list.html" }, { "reference_url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764650", "reference_id": "1764650", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764650" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11768", "reference_id": "CVE-2018-11768", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11768" }, { "reference_url": "https://github.com/advisories/GHSA-hx83-rpqf-m267", "reference_id": "GHSA-hx83-rpqf-m267", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hx83-rpqf-m267" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/182397?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.1.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-66vn-51hs-kudx" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-h4py-1vy2-8uhg" }, { "vulnerability": "VCID-ryz9-55qq-cyd9" }, { "vulnerability": "VCID-zpwc-yx94-k3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.1.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/57225?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-h4py-1vy2-8uhg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/57224?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-h4py-1vy2-8uhg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/57223?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-gb78-rqjr-67ft" }, { "vulnerability": "VCID-h4py-1vy2-8uhg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/76025?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-main@3.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-h4py-1vy2-8uhg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.2" } ], "aliases": [ "CVE-2018-11768", "GHSA-hx83-rpqf-m267" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gb78-rqjr-67ft" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.1.0-beta" }