Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hadoop/hadoop-main@2.7.3

Type maven

Namespace org.apache.hadoop

Name hadoop-main

Version 2.7.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.10.2

Latest_non_vulnerable_version 3.3.5

Affected_by_vulnerabilities

url VCID-1xbr-pekw-ukcn

vulnerability_id VCID-1xbr-pekw-ukcn

summary

Incorrect Authorization
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9492.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9492.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9492

reference_id

reference_type

scores

value	0.0011
scoring_system	epss
scoring_elements	0.28948
published_at	2026-04-29T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34389
published_at	2026-04-24T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34626
published_at	2026-04-21T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.3451
published_at	2026-04-01T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.3437
published_at	2026-04-26T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34631
published_at	2026-04-07T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34754
published_at	2026-04-04T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34728
published_at	2026-04-02T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34666
published_at	2026-04-18T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34681
published_at	2026-04-16T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34644
published_at	2026-04-13T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34668
published_at	2026-04-12T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34707
published_at	2026-04-11T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34703
published_at	2026-04-09T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34675
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9492

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url

https://github.com/apache/hadoop/commit/ca65409836d2949e9a9408d40bec0177b414cd5d

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/ca65409836d2949e9a9408d40bec0177b414cd5d

reference_url

https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20210304-0001

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210304-0001

reference_url	https://security.netapp.com/advisory/ntap-20210304-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210304-0001/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1925237
reference_id	1925237
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1925237

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-9492

reference_id

CVE-2020-9492

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-9492

reference_url

https://github.com/advisories/GHSA-f8vc-wfc8-hxqh

reference_id

GHSA-f8vc-wfc8-hxqh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f8vc-wfc8-hxqh

reference_url	https://access.redhat.com/errata/RHSA-2022:5606
reference_id	RHSA-2022:5606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5606

reference_url	https://access.redhat.com/errata/RHSA-2022:6407
reference_id	RHSA-2022:6407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6407

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-main@2.10.1

purl pkg:maven/org.apache.hadoop/hadoop-main@2.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8xd-ukj7-tqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.10.1

url pkg:maven/org.apache.hadoop/hadoop-main@3.1.4

purl pkg:maven/org.apache.hadoop/hadoop-main@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8xd-ukj7-tqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.4

url pkg:maven/org.apache.hadoop/hadoop-main@3.2.2

purl pkg:maven/org.apache.hadoop/hadoop-main@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8xd-ukj7-tqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.2.2

aliases CVE-2020-9492, GHSA-f8vc-wfc8-hxqh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xbr-pekw-ukcn

url VCID-6fnh-mjwd-9qee

vulnerability_id VCID-6fnh-mjwd-9qee

summary

Privilege escalation
A user who can escalate to yarn user can possibly run arbitrary commands as root user.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8029.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8029.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8029

reference_id

reference_type

scores

value	0.02152
scoring_system	epss
scoring_elements	0.84319
published_at	2026-04-29T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84314
published_at	2026-04-26T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84305
published_at	2026-04-24T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84281
published_at	2026-04-21T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84262
published_at	2026-04-11T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84277
published_at	2026-04-18T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84276
published_at	2026-04-16T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84254
published_at	2026-04-13T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84257
published_at	2026-04-12T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84184
published_at	2026-04-01T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84197
published_at	2026-04-02T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84215
published_at	2026-04-04T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84216
published_at	2026-04-07T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84238
published_at	2026-04-08T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84244
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8029

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029

reference_url

https://lists.apache.org/thread.html/0b8d58e02dbd0fb8bf7320c514fe58da1d6728bdc150f1ba04e0d9fc@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/0b8d58e02dbd0fb8bf7320c514fe58da1d6728bdc150f1ba04e0d9fc@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/17084c09e6dedf60efe08028b429c92ffd28aacc28454e4fa924578a@%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/17084c09e6dedf60efe08028b429c92ffd28aacc28454e4fa924578a@%3Cgeneral.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a0164b87660223a2d491f83c88f905fe1a9fa8dc795148d9b0d968c8@%3Cdev.hbase.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a0164b87660223a2d491f83c88f905fe1a9fa8dc795148d9b0d968c8@%3Cdev.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a97c53a81e639ca2fc7b8f61a4fcd1842c2a78544041244a7c624727@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a97c53a81e639ca2fc7b8f61a4fcd1842c2a78544041244a7c624727@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20190617-0001

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190617-0001

reference_url	https://security.netapp.com/advisory/ntap-20190617-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190617-0001/

reference_url	https://www.openwall.com/lists/oss-security/2019/05/30/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2019/05/30/1

reference_url

http://www.securityfocus.com/bid/108518

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/108518

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1795321
reference_id	1795321
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1795321

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-8029

reference_id

CVE-2018-8029

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-8029

reference_url

https://github.com/advisories/GHSA-37pw-qw47-4jxm

reference_id

GHSA-37pw-qw47-4jxm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-37pw-qw47-4jxm

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-main@2.8.4

purl pkg:maven/org.apache.hadoop/hadoop-main@2.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-hbtn-6f44-4fa2

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.4

url pkg:maven/org.apache.hadoop/hadoop-main@2.9.2

purl pkg:maven/org.apache.hadoop/hadoop-main@2.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14hy-wmsv-fbeh

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-a8xd-ukj7-tqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.2

url pkg:maven/org.apache.hadoop/hadoop-main@3.1.1

purl pkg:maven/org.apache.hadoop/hadoop-main@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.1

aliases CVE-2018-8029, GHSA-37pw-qw47-4jxm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fnh-mjwd-9qee

url VCID-76cj-vggg-9bhe

vulnerability_id VCID-76cj-vggg-9bhe

summary

Information Exposure
The YARN NodeManager in Apache Hadoop can leak the password for credential store provider used by the NodeManager to YARN Applications.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15718

reference_id

reference_type

scores

value	0.01336
scoring_system	epss
scoring_elements	0.80067
published_at	2026-04-29T12:55:00Z

value	0.01336
scoring_system	epss
scoring_elements	0.80011
published_at	2026-04-11T12:55:00Z

value	0.01336
scoring_system	epss
scoring_elements	0.79995
published_at	2026-04-12T12:55:00Z

value	0.01336
scoring_system	epss
scoring_elements	0.79987
published_at	2026-04-13T12:55:00Z

value	0.01336
scoring_system	epss
scoring_elements	0.80016
published_at	2026-04-18T12:55:00Z

value	0.01336
scoring_system	epss
scoring_elements	0.80017
published_at	2026-04-21T12:55:00Z

value	0.01336
scoring_system	epss
scoring_elements	0.80045
published_at	2026-04-24T12:55:00Z

value	0.01336
scoring_system	epss
scoring_elements	0.80051
published_at	2026-04-26T12:55:00Z

value	0.01336
scoring_system	epss
scoring_elements	0.79937
published_at	2026-04-01T12:55:00Z

value	0.01336
scoring_system	epss
scoring_elements	0.79944
published_at	2026-04-02T12:55:00Z

value	0.01336
scoring_system	epss
scoring_elements	0.79965
published_at	2026-04-04T12:55:00Z

value	0.01336
scoring_system	epss
scoring_elements	0.79954
published_at	2026-04-07T12:55:00Z

value	0.01336
scoring_system	epss
scoring_elements	0.79983
published_at	2026-04-08T12:55:00Z

value	0.01336
scoring_system	epss
scoring_elements	0.79992
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15718

reference_url

https://github.com/advisories/GHSA-mq8p-h798-xcrp

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-mq8p-h798-xcrp

reference_url

https://lists.apache.org/thread.html/773c93c2d8a6a52bbe97610c2b1c2ad205b970e1b8c04fb5b2fccad6@%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/773c93c2d8a6a52bbe97610c2b1c2ad205b970e1b8c04fb5b2fccad6@%3Cgeneral.hadoop.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15718

reference_id

CVE-2017-15718

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15718

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-main@2.7.5

purl pkg:maven/org.apache.hadoop/hadoop-main@2.7.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-6fnh-mjwd-9qee

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-ej9n-h4mm-gkg3

vulnerability	VCID-hbtn-6f44-4fa2

vulnerability	VCID-j858-d38m-vfhc

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.7.5

aliases CVE-2017-15718, GHSA-mq8p-h798-xcrp

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-76cj-vggg-9bhe

url VCID-a8xd-ukj7-tqbk

vulnerability_id VCID-a8xd-ukj7-tqbk

summary

Apache Hadoop argument injection vulnerability
Apache Hadoop's `FileUtil.unTar(File, File)` API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25168.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25168.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25168

reference_id

reference_type

scores

value	0.03008
scoring_system	epss
scoring_elements	0.86623
published_at	2026-04-29T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86553
published_at	2026-04-07T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86572
published_at	2026-04-08T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86582
published_at	2026-04-09T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86597
published_at	2026-04-11T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86594
published_at	2026-04-12T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86586
published_at	2026-04-13T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86601
published_at	2026-04-16T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86606
published_at	2026-04-18T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86598
published_at	2026-04-21T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86616
published_at	2026-04-24T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86625
published_at	2026-04-26T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86535
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25168

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url

https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746

reference_url

https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25168

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25168

reference_url

https://security.netapp.com/advisory/ntap-20220915-0007

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220915-0007

reference_url	https://security.netapp.com/advisory/ntap-20220915-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220915-0007/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2119084
reference_id	2119084
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2119084

reference_url

https://github.com/advisories/GHSA-8wm5-8h9c-47pc

reference_id

GHSA-8wm5-8h9c-47pc

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8wm5-8h9c-47pc

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-main@2.10.2
purl	pkg:maven/org.apache.hadoop/hadoop-main@2.10.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.10.2

url	pkg:maven/org.apache.hadoop/hadoop-main@3.2.4
purl	pkg:maven/org.apache.hadoop/hadoop-main@3.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.2.4

url pkg:maven/org.apache.hadoop/hadoop-main@3.3.3

purl pkg:maven/org.apache.hadoop/hadoop-main@3.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q8gj-qdrr-j7cb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.3.3

aliases CVE-2022-25168, GHSA-8wm5-8h9c-47pc

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8xd-ukj7-tqbk

url VCID-j858-d38m-vfhc

vulnerability_id VCID-j858-d38m-vfhc

summary

Information Exposure
In Apache Hadoop, HDFS exposes extended attribute key/value pairs during `listXAttrs`, verifying only path-level search access to the directory rather than path-level read permission to the referent.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1296.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1296.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1296

reference_id

reference_type

scores

value	0.00574
scoring_system	epss
scoring_elements	0.68807
published_at	2026-04-29T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68667
published_at	2026-04-07T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68718
published_at	2026-04-08T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68736
published_at	2026-04-09T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68759
published_at	2026-04-11T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68745
published_at	2026-04-12T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68715
published_at	2026-04-13T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68758
published_at	2026-04-16T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68768
published_at	2026-04-18T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68747
published_at	2026-04-21T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68795
published_at	2026-04-24T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68801
published_at	2026-04-26T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68652
published_at	2026-04-01T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.6867
published_at	2026-04-02T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68689
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1296

reference_url

https://github.com/advisories/GHSA-v569-g72v-q434

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-v569-g72v-q434

reference_url

https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e%40%3Cuser.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e%40%3Cuser.hadoop.apache.org%3E

reference_url

http://www.securityfocus.com/bid/106764

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106764

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1671291
reference_id	1671291
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1671291

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop::::::::
reference_id	cpe:2.3:a:apache:hadoop::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.0:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.1:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.2:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.3:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.8.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.9.0:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:::::::*
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1296

reference_id

CVE-2018-1296

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1296

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-main@2.7.6

purl pkg:maven/org.apache.hadoop/hadoop-main@2.7.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-6fnh-mjwd-9qee

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-ej9n-h4mm-gkg3

vulnerability	VCID-hbtn-6f44-4fa2

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.7.6

url pkg:maven/org.apache.hadoop/hadoop-main@2.8.4

purl pkg:maven/org.apache.hadoop/hadoop-main@2.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-hbtn-6f44-4fa2

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.4

url pkg:maven/org.apache.hadoop/hadoop-main@2.9.1

purl pkg:maven/org.apache.hadoop/hadoop-main@2.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-6fnh-mjwd-9qee

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-hbtn-6f44-4fa2

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.1

url pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

purl pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-6fnh-mjwd-9qee

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

aliases CVE-2018-1296, GHSA-v569-g72v-q434

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j858-d38m-vfhc

url VCID-jxf7-btpn-xyax

vulnerability_id VCID-jxf7-btpn-xyax

summary In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11768.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11768.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11768

reference_id

reference_type

scores

value	0.01294
scoring_system	epss
scoring_elements	0.79764
published_at	2026-04-29T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.7975
published_at	2026-04-26T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.7968
published_at	2026-04-13T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79646
published_at	2026-04-07T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.7966
published_at	2026-04-04T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79638
published_at	2026-04-02T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79631
published_at	2026-04-01T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79743
published_at	2026-04-24T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79712
published_at	2026-04-21T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79709
published_at	2026-04-18T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79687
published_at	2026-04-12T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79703
published_at	2026-04-11T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79682
published_at	2026-04-09T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79675
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11768

reference_url

https://hadoop.apache.org/cve_list.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hadoop.apache.org/cve_list.html

reference_url

https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11768

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11768

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1764650
reference_id	1764650
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1764650

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop::::::::
reference_id	cpe:2.3:a:apache:hadoop::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.0:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.0:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.0:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.0:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.1:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.1:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.1:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.1:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.2:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.2:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.2:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.2:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.2:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.2:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.3:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.3:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.3:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.3:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.3:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.3:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.4:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.4:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.4:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.4:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.4:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.4:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.5:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.5:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.5:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.5:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.5:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.5:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.6:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.6:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.6:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.6:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.6:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.6:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.0:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.0:beta::::::
reference_id	cpe:2.3:a:apache:hadoop:2.1.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.1:beta::::::
reference_id	cpe:2.3:a:apache:hadoop:2.1.1:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.1:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:-::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::

reference_url

https://github.com/advisories/GHSA-hx83-rpqf-m267

reference_id

GHSA-hx83-rpqf-m267

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hx83-rpqf-m267

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-main@2.8.5

purl pkg:maven/org.apache.hadoop/hadoop-main@2.8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14hy-wmsv-fbeh

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-a8xd-ukj7-tqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.5

url pkg:maven/org.apache.hadoop/hadoop-main@2.9.2

purl pkg:maven/org.apache.hadoop/hadoop-main@2.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14hy-wmsv-fbeh

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-a8xd-ukj7-tqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.2

url pkg:maven/org.apache.hadoop/hadoop-main@3.1.1

purl pkg:maven/org.apache.hadoop/hadoop-main@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.1

url pkg:maven/org.apache.hadoop/hadoop-main@3.1.2

purl pkg:maven/org.apache.hadoop/hadoop-main@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-a8xd-ukj7-tqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.2

aliases CVE-2018-11768, GHSA-hx83-rpqf-m267

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxf7-btpn-xyax

url VCID-kt1w-97bw-r7bp

vulnerability_id VCID-kt1w-97bw-r7bp

summary

Information Exposure
Vulnerability in Apache Hadoop allows a cluster user to expose private files owned by the user running the `MapReduce` job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the `MapReduce` job history server host.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15713

reference_id

reference_type

scores

value	0.00311
scoring_system	epss
scoring_elements	0.54321
published_at	2026-04-29T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.54382
published_at	2026-04-16T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.54364
published_at	2026-04-12T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.54343
published_at	2026-04-13T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.54386
published_at	2026-04-18T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.54367
published_at	2026-04-21T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.5433
published_at	2026-04-24T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.54345
published_at	2026-04-26T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.5426
published_at	2026-04-01T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.5428
published_at	2026-04-02T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.5431
published_at	2026-04-04T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.54285
published_at	2026-04-07T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.54337
published_at	2026-04-08T12:55:00Z

value	0.00311
scoring_system	epss
scoring_elements	0.54332
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15713

reference_url

https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15713

reference_id

CVE-2017-15713

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15713

reference_url

https://github.com/advisories/GHSA-3v44-382q-55f4

reference_id

GHSA-3v44-382q-55f4

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-3v44-382q-55f4

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-main@2.7.5

purl pkg:maven/org.apache.hadoop/hadoop-main@2.7.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-6fnh-mjwd-9qee

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-ej9n-h4mm-gkg3

vulnerability	VCID-hbtn-6f44-4fa2

vulnerability	VCID-j858-d38m-vfhc

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.7.5

url pkg:maven/org.apache.hadoop/hadoop-main@2.8.3

purl pkg:maven/org.apache.hadoop/hadoop-main@2.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-6fnh-mjwd-9qee

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-hbtn-6f44-4fa2

vulnerability	VCID-j858-d38m-vfhc

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.3

aliases CVE-2017-15713, GHSA-3v44-382q-55f4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt1w-97bw-r7bp

Fixing_vulnerabilities

url VCID-9wd5-xmya-xug6

vulnerability_id VCID-9wd5-xmya-xug6

summary

Incorrect Permission Assignment for Critical Resource
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-3166

reference_id

reference_type

scores

value	0.00214
scoring_system	epss
scoring_elements	0.43757
published_at	2026-04-29T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43946
published_at	2026-04-11T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43875
published_at	2026-04-07T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43926
published_at	2026-04-08T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43928
published_at	2026-04-09T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43913
published_at	2026-04-12T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43898
published_at	2026-04-13T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.4396
published_at	2026-04-16T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43951
published_at	2026-04-18T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43883
published_at	2026-04-21T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43834
published_at	2026-04-24T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43837
published_at	2026-04-26T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43879
published_at	2026-04-01T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43923
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-3166

reference_url

https://lists.apache.org/thread.html/2e16689b44bdd1976b6368c143a4017fc7159d1f2d02a5d54fe9310f@%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/2e16689b44bdd1976b6368c143a4017fc7159d1f2d02a5d54fe9310f@%3Cgeneral.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/2e16689b44bdd1976b6368c143a4017fc7159d1f2d02a5d54fe9310f%40%3Cgeneral.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/2e16689b44bdd1976b6368c143a4017fc7159d1f2d02a5d54fe9310f%40%3Cgeneral.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

reference_url	https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.6.1:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.6.2:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.6.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.6.3:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.6.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.6.4:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.6.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.6.5:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.7.0:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.7.1:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.7.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.7.2:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.7.3:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-3166

reference_id

CVE-2017-3166

reference_type

scores

value	4.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-3166

reference_url

https://github.com/advisories/GHSA-99qr-9cc9-fv2x

reference_id

GHSA-99qr-9cc9-fv2x

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-99qr-9cc9-fv2x

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-main@2.7.3

purl pkg:maven/org.apache.hadoop/hadoop-main@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-6fnh-mjwd-9qee

vulnerability	VCID-76cj-vggg-9bhe

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-j858-d38m-vfhc

vulnerability	VCID-jxf7-btpn-xyax

vulnerability	VCID-kt1w-97bw-r7bp

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.7.3

aliases CVE-2017-3166, GHSA-99qr-9cc9-fv2x

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wd5-xmya-xug6

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.7.3

Package Instance