Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/26135?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/26135?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.0.0", "type": "maven", "namespace": "org.apache.hadoop", "name": "hadoop-common", "version": "2.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.4.0", "latest_non_vulnerable_version": "3.4.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15927?format=api", "vulnerability_id": "VCID-179c-6pqr-dyb4", "summary": "Improper Authentication in Apache Hadoop\nApache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58881", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58898", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58916", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58879", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58912", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58917", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58894", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58895", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58775", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58849", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58872", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.5884", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.58893", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0229" }, { "reference_url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:0.23.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:0.23.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:0.23.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:0.23.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:0.23.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:0.23.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:0.23.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:0.23.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:0.23.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:0.23.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:0.23.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:2.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:2.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:hadoop:2.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cloudera:cdh:5.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cloudera:cdh:5.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cloudera:cdh:5.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cloudera:cdh:5.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cloudera:cdh:5.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cloudera:cdh:5.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cloudera:cdh:5.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cloudera:cdh:5.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cloudera:cdh:5.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0229", "reference_id": "CVE-2014-0229", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0229" }, { "reference_url": "https://github.com/advisories/GHSA-9r7g-325h-mxrm", "reference_id": "GHSA-9r7g-325h-mxrm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9r7g-325h-mxrm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55214?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-5a9g-vebh-67cq" }, { "vulnerability": "VCID-67cn-ebsg-zbdd" }, { "vulnerability": "VCID-6fnh-mjwd-9qee" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" }, { "vulnerability": "VCID-kt1w-97bw-r7bp" }, { "vulnerability": "VCID-p5ab-z4u4-akcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.4.1" } ], "aliases": [ "CVE-2014-0229", "GHSA-9r7g-325h-mxrm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-179c-6pqr-dyb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12615?format=api", "vulnerability_id": "VCID-1xbr-pekw-ukcn", "summary": "Incorrect Authorization\nIn Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9492.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9492.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.28948", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34389", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34626", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.3451", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.3437", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34631", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34754", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34728", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34666", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34681", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34644", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34668", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34707", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34703", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34675", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9492" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop" }, { "reference_url": "https://github.com/apache/hadoop/commit/ca65409836d2949e9a9408d40bec0177b414cd5d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/ca65409836d2949e9a9408d40bec0177b414cd5d" }, { "reference_url": "https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210304-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210304-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210304-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210304-0001/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925237", "reference_id": "1925237", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1925237" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9492", "reference_id": "CVE-2020-9492", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9492" }, { "reference_url": "https://github.com/advisories/GHSA-f8vc-wfc8-hxqh", "reference_id": "GHSA-f8vc-wfc8-hxqh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f8vc-wfc8-hxqh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5606", "reference_id": "RHSA-2022:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6407", "reference_id": "RHSA-2022:6407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/45231?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/80734?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/45232?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.2" } ], "aliases": [ "CVE-2020-9492", "GHSA-f8vc-wfc8-hxqh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xbr-pekw-ukcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53290?format=api", "vulnerability_id": "VCID-a8xd-ukj7-tqbk", "summary": "Apache Hadoop argument injection vulnerability\nApache Hadoop's `FileUtil.unTar(File, File)` API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. \"Check existence of file before untarring/zipping\", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25168.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86623", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86553", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86572", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86582", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86597", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86594", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86601", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86606", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86598", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86616", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86625", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03008", "scoring_system": "epss", "scoring_elements": "0.86535", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25168" }, { "reference_url": "https://github.com/apache/hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop" }, { "reference_url": "https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746" }, { "reference_url": "https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25168", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25168" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220915-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220915-0007/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119084", "reference_id": "2119084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119084" }, { "reference_url": "https://github.com/advisories/GHSA-8wm5-8h9c-47pc", "reference_id": "GHSA-8wm5-8h9c-47pc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8wm5-8h9c-47pc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48648?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3fz1-e6n6-rfh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/80911?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3fz1-e6n6-rfh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/48650?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3fz1-e6n6-rfh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.3.3" } ], "aliases": [ "CVE-2022-25168", "GHSA-8wm5-8h9c-47pc" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8xd-ukj7-tqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55076?format=api", "vulnerability_id": "VCID-f7dh-1ngq-5kdz", "summary": "Improper Authentication in Apache Hadoop\nThe RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0037.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2192.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2192.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31282", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31699", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31667", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31491", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31363", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31685", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31817", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31861", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.3168", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31732", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31762", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31765", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31725", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31689", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00125", "scoring_system": "epss", "scoring_elements": "0.31721", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2192" }, { "reference_url": "http://seclists.org/fulldisclosure/2013/Aug/251", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2013/Aug/251" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2192", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2192" }, { "reference_url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001326", "reference_id": "1001326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1001326" }, { "reference_url": "https://github.com/advisories/GHSA-pxv5-5vmp-3jj4", "reference_id": "GHSA-pxv5-5vmp-3jj4", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pxv5-5vmp-3jj4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0037", "reference_id": "RHSA-2014:0037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0400", "reference_id": "RHSA-2014:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0401", "reference_id": "RHSA-2014:0401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0401" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82253?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.0.6-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-179c-6pqr-dyb4" }, { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-5a9g-vebh-67cq" }, { "vulnerability": "VCID-67cn-ebsg-zbdd" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" }, { "vulnerability": "VCID-kt1w-97bw-r7bp" }, { "vulnerability": "VCID-p5ab-z4u4-akcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.0.6-alpha" } ], "aliases": [ "CVE-2013-2192", "GHSA-pxv5-5vmp-3jj4" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f7dh-1ngq-5kdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8698?format=api", "vulnerability_id": "VCID-kt1w-97bw-r7bp", "summary": "Information Exposure\nVulnerability in Apache Hadoop allows a cluster user to expose private files owned by the user running the `MapReduce` job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the `MapReduce` job history server host.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54321", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54382", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54364", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54343", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54386", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54367", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.5433", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54345", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.5426", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.5428", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.5431", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54285", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54337", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54332", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15713" }, { "reference_url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15713", "reference_id": "CVE-2017-15713", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15713" }, { "reference_url": "https://github.com/advisories/GHSA-3v44-382q-55f4", "reference_id": "GHSA-3v44-382q-55f4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3v44-382q-55f4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/167267?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.1.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-179c-6pqr-dyb4" }, { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-5a9g-vebh-67cq" }, { "vulnerability": "VCID-67cn-ebsg-zbdd" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" }, { "vulnerability": "VCID-p5ab-z4u4-akcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.1.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/26151?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-6fnh-mjwd-9qee" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" }, { "vulnerability": "VCID-p5ab-z4u4-akcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/24257?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-6fnh-mjwd-9qee" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" }, { "vulnerability": "VCID-p5ab-z4u4-akcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.0.1" } ], "aliases": [ "CVE-2017-15713", "GHSA-3v44-382q-55f4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kt1w-97bw-r7bp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4561?format=api", "vulnerability_id": "VCID-p5ab-z4u4-akcv", "summary": "Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8009.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90613", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90617", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90616", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90601", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90604", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90544", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90548", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90559", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90567", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90579", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90585", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90595", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90589", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05894", "scoring_system": "epss", "scoring_elements": "0.90607", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8009" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop" }, { "reference_url": "https://github.com/apache/hadoop/commit/11a425d11a329010d0ff8255ecbcd1eb51b642e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/11a425d11a329010d0ff8255ecbcd1eb51b642e" }, { "reference_url": "https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432" }, { "reference_url": "https://github.com/apache/hadoop/commit/1373e3d8ad60e4da721a292912cb69243bfdf47", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/1373e3d8ad60e4da721a292912cb69243bfdf47" }, { "reference_url": "https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f" }, { "reference_url": "https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9" }, { "reference_url": "https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde" }, { "reference_url": "https://github.com/apache/hadoop/commit/6d7d192e4799b51931e55217e02baec14d49607", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/6d7d192e4799b51931e55217e02baec14d49607" }, { "reference_url": "https://github.com/apache/hadoop/commit/745f203e577bacb35b042206db94615141fa5e6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/745f203e577bacb35b042206db94615141fa5e6" }, { "reference_url": "https://github.com/apache/hadoop/commit/bd98d4e77cf9f7b2f4b1afb4d5e5bad0f6b2fde", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/bd98d4e77cf9f7b2f4b1afb4d5e5bad0f6b2fde" }, { "reference_url": "https://github.com/apache/hadoop/commit/cedc28d4ab2a27ba47e15ab2711218d96ec88d2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/cedc28d4ab2a27ba47e15ab2711218d96ec88d2" }, { "reference_url": "https://github.com/apache/hadoop/commit/e3236a9680709de7a95ffbc11b20e1bdc95a860", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/e3236a9680709de7a95ffbc11b20e1bdc95a860" }, { "reference_url": "https://github.com/apache/hadoop/commit/eaa2b8035b584dfcf7c79a33484eb2dffd3fdb1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/eaa2b8035b584dfcf7c79a33484eb2dffd3fdb1" }, { "reference_url": "https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9" }, { "reference_url": "https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://snyk.io/research/zip-slip-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/research/zip-slip-vulnerability" }, { "reference_url": "http://www.securityfocus.com/bid/105927", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/105927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593018", "reference_id": "1593018", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593018" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8009", "reference_id": "CVE-2018-8009", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8009" }, { "reference_url": "https://github.com/advisories/GHSA-6x48-j4x4-cqw3", "reference_id": "GHSA-6x48-j4x4-cqw3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6x48-j4x4-cqw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33281?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-6fnh-mjwd-9qee" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" }, { "vulnerability": "VCID-kt1w-97bw-r7bp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.7.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/33282?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/33283?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/33284?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.1.1" } ], "aliases": [ "CVE-2018-8009", "GHSA-6x48-j4x4-cqw3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5ab-z4u4-akcv" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.0.0" }