Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/53834?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/53834?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@0.23.11", "type": "maven", "namespace": "org.apache.hadoop", "name": "hadoop-common", "version": "0.23.11", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.4.0", "latest_non_vulnerable_version": "3.4.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/248169?format=api", "vulnerability_id": "VCID-2rqy-cb3b-z3ef", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23454", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27985", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23454" }, { "reference_url": "https://github.com/apache/hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop" }, { "reference_url": "https://github.com/apache/hadoop/commit/8c2836402fbb2f619f1fef4ef625a8542e853a64", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/8c2836402fbb2f619f1fef4ef625a8542e853a64" }, { "reference_url": "https://issues.apache.org/jira/browse/HADOOP-19031", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:19:22Z/" } ], "url": "https://issues.apache.org/jira/browse/HADOOP-19031" }, { "reference_url": "https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:19:22Z/" } ], "url": "https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241101-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241101-0002" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/09/25/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/09/25/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23454", "reference_id": "CVE-2024-23454", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23454" }, { "reference_url": "https://github.com/advisories/GHSA-f5fw-25gw-5m92", "reference_id": "GHSA-f5fw-25gw-5m92", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f5fw-25gw-5m92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82938?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.4.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.4.0" } ], "aliases": [ "CVE-2024-23454", "GHSA-f5fw-25gw-5m92" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2rqy-cb3b-z3ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12074?format=api", "vulnerability_id": "VCID-ax8z-33ed-g3gb", "summary": "Information Exposure\nVulnerability in Apache Hadoop allows a cluster user to expose private files owned by the user running the `MapReduce` job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the `MapReduce` job history server host.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15713", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40896", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15713" }, { "reference_url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15713", "reference_id": "CVE-2017-15713", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15713" }, { "reference_url": "https://github.com/advisories/GHSA-3v44-382q-55f4", "reference_id": "GHSA-3v44-382q-55f4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3v44-382q-55f4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62077?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-ggak-tqmx-vuay" }, { "vulnerability": "VCID-hzne-ppwz-6qeh" }, { "vulnerability": "VCID-uzvk-u8b3-nuf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha" }, { "url": "http://public2.vulnerablecode.io/api/packages/108677?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.1.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-ggak-tqmx-vuay" }, { "vulnerability": "VCID-hzne-ppwz-6qeh" }, { "vulnerability": "VCID-jabk-tfv9-gfhx" }, { "vulnerability": "VCID-jd2z-gp4k-97dq" }, { "vulnerability": "VCID-n2yn-xfvx-g7a2" }, { "vulnerability": "VCID-uzvk-u8b3-nuf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.1.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/53841?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-hzne-ppwz-6qeh" }, { "vulnerability": "VCID-jd2z-gp4k-97dq" }, { "vulnerability": "VCID-n2yn-xfvx-g7a2" }, { "vulnerability": "VCID-nr94-ag1e-83ad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52633?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-hzne-ppwz-6qeh" }, { "vulnerability": "VCID-jd2z-gp4k-97dq" }, { "vulnerability": "VCID-n2yn-xfvx-g7a2" }, { "vulnerability": "VCID-nr94-ag1e-83ad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.0.1" } ], "aliases": [ "CVE-2017-15713", "GHSA-3v44-382q-55f4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ax8z-33ed-g3gb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16072?format=api", "vulnerability_id": "VCID-ggak-tqmx-vuay", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nThis is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30307", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5001" }, { "reference_url": "http://seclists.org/oss-sec/2016/q4/698", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2016/q4/698" }, { "reference_url": "https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a@%3Cuser.flink.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a@%3Cuser.flink.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5001", "reference_id": "CVE-2016-5001", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5001" }, { "reference_url": "https://github.com/advisories/GHSA-8r28-r8cp-g6cp", "reference_id": "GHSA-8r28-r8cp-g6cp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8r28-r8cp-g6cp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61387?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.6.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-ax8z-33ed-g3gb" }, { "vulnerability": "VCID-hzne-ppwz-6qeh" }, { "vulnerability": "VCID-jd2z-gp4k-97dq" }, { "vulnerability": "VCID-n2yn-xfvx-g7a2" }, { "vulnerability": "VCID-nr94-ag1e-83ad" }, { "vulnerability": "VCID-szub-twh3-xbd8" }, { "vulnerability": "VCID-uzvk-u8b3-nuf1" }, { "vulnerability": "VCID-vpk5-74e3-8fb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.6.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/61388?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-ax8z-33ed-g3gb" }, { "vulnerability": "VCID-hzne-ppwz-6qeh" }, { "vulnerability": "VCID-jd2z-gp4k-97dq" }, { "vulnerability": "VCID-n2yn-xfvx-g7a2" }, { "vulnerability": "VCID-nr94-ag1e-83ad" }, { "vulnerability": "VCID-szub-twh3-xbd8" }, { "vulnerability": "VCID-uzvk-u8b3-nuf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.7.2" } ], "aliases": [ "CVE-2016-5001", "GHSA-8r28-r8cp-g6cp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggak-tqmx-vuay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180733?format=api", "vulnerability_id": "VCID-hzne-ppwz-6qeh", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01257", "scoring_system": "epss", "scoring_elements": "0.79699", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37404" }, { "reference_url": "https://github.com/apache/hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop" }, { "reference_url": "https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220715-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220715-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220715-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220715-0007/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37404", "reference_id": "CVE-2021-37404", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37404" }, { "reference_url": "https://github.com/advisories/GHSA-rmpj-7c96-mrg8", "reference_id": "GHSA-rmpj-7c96-mrg8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rmpj-7c96-mrg8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60264?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/60263?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-n2yn-xfvx-g7a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/78157?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-n2yn-xfvx-g7a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.3.2" } ], "aliases": [ "CVE-2021-37404", "GHSA-rmpj-7c96-mrg8" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hzne-ppwz-6qeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9724?format=api", "vulnerability_id": "VCID-jd2z-gp4k-97dq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04616", "scoring_system": "epss", "scoring_elements": "0.89433", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8009" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop" }, { "reference_url": "https://github.com/apache/hadoop/commit/11a425d11a329010d0ff8255ecbcd1eb51b642e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/11a425d11a329010d0ff8255ecbcd1eb51b642e" }, { "reference_url": "https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432" }, { "reference_url": "https://github.com/apache/hadoop/commit/1373e3d8ad60e4da721a292912cb69243bfdf47", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/1373e3d8ad60e4da721a292912cb69243bfdf47" }, { "reference_url": "https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f" }, { "reference_url": "https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9" }, { "reference_url": "https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde" }, { "reference_url": "https://github.com/apache/hadoop/commit/6d7d192e4799b51931e55217e02baec14d49607", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/6d7d192e4799b51931e55217e02baec14d49607" }, { "reference_url": "https://github.com/apache/hadoop/commit/745f203e577bacb35b042206db94615141fa5e6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/745f203e577bacb35b042206db94615141fa5e6" }, { "reference_url": "https://github.com/apache/hadoop/commit/bd98d4e77cf9f7b2f4b1afb4d5e5bad0f6b2fde", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/bd98d4e77cf9f7b2f4b1afb4d5e5bad0f6b2fde" }, { "reference_url": "https://github.com/apache/hadoop/commit/cedc28d4ab2a27ba47e15ab2711218d96ec88d2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/cedc28d4ab2a27ba47e15ab2711218d96ec88d2" }, { "reference_url": "https://github.com/apache/hadoop/commit/e3236a9680709de7a95ffbc11b20e1bdc95a860", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/e3236a9680709de7a95ffbc11b20e1bdc95a860" }, { "reference_url": "https://github.com/apache/hadoop/commit/eaa2b8035b584dfcf7c79a33484eb2dffd3fdb1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/hadoop/commit/eaa2b8035b584dfcf7c79a33484eb2dffd3fdb1" }, { "reference_url": "https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9" }, { "reference_url": "https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop" }, { "reference_url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://snyk.io/research/zip-slip-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/research/zip-slip-vulnerability" }, { "reference_url": "http://www.securityfocus.com/bid/105927", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/105927" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8009", "reference_id": "CVE-2018-8009", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8009" }, { "reference_url": "https://github.com/advisories/GHSA-6x48-j4x4-cqw3", "reference_id": "GHSA-6x48-j4x4-cqw3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6x48-j4x4-cqw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62077?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-ggak-tqmx-vuay" }, { "vulnerability": "VCID-hzne-ppwz-6qeh" }, { "vulnerability": "VCID-uzvk-u8b3-nuf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha" }, { "url": "http://public2.vulnerablecode.io/api/packages/56013?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.7.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-ax8z-33ed-g3gb" }, { "vulnerability": "VCID-hzne-ppwz-6qeh" }, { "vulnerability": "VCID-n2yn-xfvx-g7a2" }, { "vulnerability": "VCID-nr94-ag1e-83ad" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.7.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/56014?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-hzne-ppwz-6qeh" }, { "vulnerability": "VCID-n2yn-xfvx-g7a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/56015?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-hzne-ppwz-6qeh" }, { "vulnerability": "VCID-n2yn-xfvx-g7a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/56016?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-hzne-ppwz-6qeh" }, { "vulnerability": "VCID-n2yn-xfvx-g7a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.1.1" } ], "aliases": [ "CVE-2018-8009", "GHSA-6x48-j4x4-cqw3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jd2z-gp4k-97dq" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16555?format=api", "vulnerability_id": "VCID-jabk-tfv9-gfhx", "summary": "Improper Authentication in Apache Hadoop\nApache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00461", "scoring_system": "epss", "scoring_elements": "0.6445", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0229" }, { "reference_url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0229", "reference_id": "CVE-2014-0229", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0229" }, { "reference_url": "https://github.com/advisories/GHSA-9r7g-325h-mxrm", "reference_id": "GHSA-9r7g-325h-mxrm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9r7g-325h-mxrm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53834?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@0.23.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-ax8z-33ed-g3gb" }, { "vulnerability": "VCID-ggak-tqmx-vuay" }, { "vulnerability": "VCID-hzne-ppwz-6qeh" }, { "vulnerability": "VCID-jd2z-gp4k-97dq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@0.23.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/62288?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2rqy-cb3b-z3ef" }, { "vulnerability": "VCID-ax8z-33ed-g3gb" }, { "vulnerability": "VCID-ggak-tqmx-vuay" }, { "vulnerability": "VCID-hzne-ppwz-6qeh" }, { "vulnerability": "VCID-jd2z-gp4k-97dq" }, { "vulnerability": "VCID-n2yn-xfvx-g7a2" }, { "vulnerability": "VCID-nr94-ag1e-83ad" }, { "vulnerability": "VCID-uzvk-u8b3-nuf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.4.1" } ], "aliases": [ "CVE-2014-0229", "GHSA-9r7g-325h-mxrm" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jabk-tfv9-gfhx" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@0.23.11" }