Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/215461?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/215461?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@0.23.4", "type": "maven", "namespace": "org.apache.hadoop", "name": "hadoop-common", "version": "0.23.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.4.0", "latest_non_vulnerable_version": "3.4.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43554?format=api", "vulnerability_id": "VCID-9j7c-z9ne-5ka5", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nThis is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30166", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30189", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30264", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30228", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30196", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5001" }, { "reference_url": "http://seclists.org/oss-sec/2016/q4/698", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2016/q4/698" }, { "reference_url": "https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a@%3Cuser.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a@%3Cuser.flink.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5001", "reference_id": "CVE-2016-5001", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5001" }, { "reference_url": "https://github.com/advisories/GHSA-8r28-r8cp-g6cp", "reference_id": "GHSA-8r28-r8cp-g6cp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8r28-r8cp-g6cp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62504?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wr2-9m74-x7cg" }, { "vulnerability": "VCID-5cvy-3bve-xkg7" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-93kc-taze-nkb9" }, { "vulnerability": "VCID-e4bh-g4w9-huax" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-me2a-1jcc-1uak" }, { "vulnerability": "VCID-ryz9-55qq-cyd9" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62505?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wr2-9m74-x7cg" }, { "vulnerability": "VCID-5cvy-3bve-xkg7" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-e4bh-g4w9-huax" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-me2a-1jcc-1uak" }, { "vulnerability": "VCID-ryz9-55qq-cyd9" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.7.2" } ], "aliases": [ "CVE-2016-5001", "GHSA-8r28-r8cp-g6cp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9j7c-z9ne-5ka5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40436?format=api", "vulnerability_id": "VCID-e4bh-g4w9-huax", "summary": "Path Traversal\nApache Hadoop is exploitable via the zip slip vulnerability in locations that accept a zip file.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8009.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04616", "scoring_system": "epss", "scoring_elements": "0.89465", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.04616", "scoring_system": "epss", "scoring_elements": "0.89466", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04616", "scoring_system": "epss", "scoring_elements": "0.89447", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04616", "scoring_system": "epss", "scoring_elements": "0.89464", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8009" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop" }, { "reference_url": "https://github.com/apache/hadoop/commit/11a425d11a329010d0ff8255ecbcd1eb51b642e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/11a425d11a329010d0ff8255ecbcd1eb51b642e" }, { "reference_url": "https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432" }, { "reference_url": "https://github.com/apache/hadoop/commit/1373e3d8ad60e4da721a292912cb69243bfdf47", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/1373e3d8ad60e4da721a292912cb69243bfdf47" }, { "reference_url": "https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f" }, { "reference_url": "https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9" }, { "reference_url": "https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde" }, { "reference_url": "https://github.com/apache/hadoop/commit/6d7d192e4799b51931e55217e02baec14d49607", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/6d7d192e4799b51931e55217e02baec14d49607" }, { "reference_url": "https://github.com/apache/hadoop/commit/745f203e577bacb35b042206db94615141fa5e6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/745f203e577bacb35b042206db94615141fa5e6" }, { "reference_url": "https://github.com/apache/hadoop/commit/bd98d4e77cf9f7b2f4b1afb4d5e5bad0f6b2fde", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/bd98d4e77cf9f7b2f4b1afb4d5e5bad0f6b2fde" }, { "reference_url": "https://github.com/apache/hadoop/commit/cedc28d4ab2a27ba47e15ab2711218d96ec88d2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/cedc28d4ab2a27ba47e15ab2711218d96ec88d2" }, { "reference_url": "https://github.com/apache/hadoop/commit/e3236a9680709de7a95ffbc11b20e1bdc95a860", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/e3236a9680709de7a95ffbc11b20e1bdc95a860" }, { "reference_url": "https://github.com/apache/hadoop/commit/eaa2b8035b584dfcf7c79a33484eb2dffd3fdb1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/eaa2b8035b584dfcf7c79a33484eb2dffd3fdb1" }, { "reference_url": "https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9" }, { "reference_url": "https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://snyk.io/research/zip-slip-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/research/zip-slip-vulnerability" }, { "reference_url": "http://www.securityfocus.com/bid/105927", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/105927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593018", "reference_id": "1593018", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593018" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8009", "reference_id": "CVE-2018-8009", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8009" }, { "reference_url": "https://github.com/advisories/GHSA-6x48-j4x4-cqw3", "reference_id": "GHSA-6x48-j4x4-cqw3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6x48-j4x4-cqw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63233?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9j7c-z9ne-5ka5" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-me2a-1jcc-1uak" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha" }, { "url": "http://public2.vulnerablecode.io/api/packages/57014?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cvy-3bve-xkg7" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-ryz9-55qq-cyd9" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.7.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/57015?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/57016?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/57017?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.1.1" } ], "aliases": [ "CVE-2018-8009", "GHSA-6x48-j4x4-cqw3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4bh-g4w9-huax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111232?format=api", "vulnerability_id": "VCID-fwdq-c1xp-cyfn", "summary": "Improper Authentication in Apache Hadoop\nThe RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0037.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2192.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2192.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31175", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31208", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31275", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31242", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31207", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2192" }, { "reference_url": "http://seclists.org/fulldisclosure/2013/Aug/251", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2013/Aug/251" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2192", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2192" }, { "reference_url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001326", "reference_id": "1001326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001326" }, { "reference_url": "https://github.com/advisories/GHSA-pxv5-5vmp-3jj4", "reference_id": "GHSA-pxv5-5vmp-3jj4", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pxv5-5vmp-3jj4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0037", "reference_id": "RHSA-2014:0037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0400", "reference_id": "RHSA-2014:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0401", "reference_id": "RHSA-2014:0401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0401" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151683?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@0.23.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9j7c-z9ne-5ka5" }, { "vulnerability": "VCID-e4bh-g4w9-huax" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-ryz9-55qq-cyd9" }, { "vulnerability": "VCID-wph5-16hk-jkbj" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@0.23.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/151682?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.0.6-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-9j7c-z9ne-5ka5" }, { "vulnerability": "VCID-e4bh-g4w9-huax" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-me2a-1jcc-1uak" }, { "vulnerability": "VCID-ryz9-55qq-cyd9" }, { "vulnerability": "VCID-wph5-16hk-jkbj" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.0.6-alpha" } ], "aliases": [ "CVE-2013-2192", "GHSA-pxv5-5vmp-3jj4" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwdq-c1xp-cyfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102555?format=api", "vulnerability_id": "VCID-mat4-6wje-zkdz", "summary": "hadoop-hdfs: Heap buffer overflow in Apache Hadoop libhdfs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01257", "scoring_system": "epss", "scoring_elements": "0.79737", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01257", "scoring_system": "epss", "scoring_elements": "0.79721", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01257", "scoring_system": "epss", "scoring_elements": "0.79747", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01257", "scoring_system": "epss", "scoring_elements": "0.79752", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37404" }, { "reference_url": "https://github.com/apache/hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop" }, { "reference_url": "https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37404", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37404" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220715-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220715-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220715-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220715-0007/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097421", "reference_id": "2097421", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097421" }, { "reference_url": "https://github.com/advisories/GHSA-rmpj-7c96-mrg8", "reference_id": "GHSA-rmpj-7c96-mrg8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rmpj-7c96-mrg8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61295?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/61294?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/149373?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.3.2" } ], "aliases": [ "CVE-2021-37404", "GHSA-rmpj-7c96-mrg8" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mat4-6wje-zkdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39317?format=api", "vulnerability_id": "VCID-ryz9-55qq-cyd9", "summary": "Information Exposure\nVulnerability in Apache Hadoop allows a cluster user to expose private files owned by the user running the `MapReduce` job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the `MapReduce` job history server host.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.409", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40881", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40958", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40962", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40931", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15713" }, { "reference_url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15713", "reference_id": "CVE-2017-15713", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15713" }, { "reference_url": "https://github.com/advisories/GHSA-3v44-382q-55f4", "reference_id": "GHSA-3v44-382q-55f4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3v44-382q-55f4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63233?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9j7c-z9ne-5ka5" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-me2a-1jcc-1uak" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha" }, { "url": "http://public2.vulnerablecode.io/api/packages/215472?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.1.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-9j7c-z9ne-5ka5" }, { "vulnerability": "VCID-e4bh-g4w9-huax" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-me2a-1jcc-1uak" }, { "vulnerability": "VCID-wph5-16hk-jkbj" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.1.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/54873?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cvy-3bve-xkg7" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-e4bh-g4w9-huax" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/53663?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cvy-3bve-xkg7" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-e4bh-g4w9-huax" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.0.1" } ], "aliases": [ "CVE-2017-15713", "GHSA-3v44-382q-55f4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryz9-55qq-cyd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44128?format=api", "vulnerability_id": "VCID-wph5-16hk-jkbj", "summary": "Improper Authentication in Apache Hadoop\nApache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00461", "scoring_system": "epss", "scoring_elements": "0.64511", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00461", "scoring_system": "epss", "scoring_elements": "0.64481", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00461", "scoring_system": "epss", "scoring_elements": "0.64524", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00461", "scoring_system": "epss", "scoring_elements": "0.64533", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00461", "scoring_system": "epss", "scoring_elements": "0.64521", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0229" }, { "reference_url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0229", "reference_id": "CVE-2014-0229", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0229" }, { "reference_url": "https://github.com/advisories/GHSA-9r7g-325h-mxrm", "reference_id": "GHSA-9r7g-325h-mxrm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9r7g-325h-mxrm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54866?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@0.23.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9j7c-z9ne-5ka5" }, { "vulnerability": "VCID-e4bh-g4w9-huax" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-ryz9-55qq-cyd9" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@0.23.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/63456?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5cvy-3bve-xkg7" }, { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-9j7c-z9ne-5ka5" }, { "vulnerability": "VCID-e4bh-g4w9-huax" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-me2a-1jcc-1uak" }, { "vulnerability": "VCID-ryz9-55qq-cyd9" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.4.1" } ], "aliases": [ "CVE-2014-0229", "GHSA-9r7g-325h-mxrm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wph5-16hk-jkbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55894?format=api", "vulnerability_id": "VCID-zcz8-71p2-8kd9", "summary": "Apache Hadoop: Temporary File Local Information Disclosure\nApache Hadoop’s `RunJar.run()` does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared between all local users. As such, files written in this directory, without setting the correct posix permissions explicitly, may be viewable by all other local users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23454", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.2788", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27794", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27843", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27932", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23454" }, { "reference_url": "https://github.com/apache/hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop" }, { "reference_url": "https://github.com/apache/hadoop/commit/8c2836402fbb2f619f1fef4ef625a8542e853a64", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/8c2836402fbb2f619f1fef4ef625a8542e853a64" }, { "reference_url": "https://issues.apache.org/jira/browse/HADOOP-19031", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:19:22Z/" } ], "url": "https://issues.apache.org/jira/browse/HADOOP-19031" }, { "reference_url": "https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:19:22Z/" } ], "url": "https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241101-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241101-0002" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/09/25/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/09/25/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23454", "reference_id": "CVE-2024-23454", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23454" }, { "reference_url": "https://github.com/advisories/GHSA-f5fw-25gw-5m92", "reference_id": "GHSA-f5fw-25gw-5m92", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f5fw-25gw-5m92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82789?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.4.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.4.0" } ], "aliases": [ "CVE-2024-23454", "GHSA-f5fw-25gw-5m92" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zcz8-71p2-8kd9" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@0.23.4" }