Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.hadoop/hadoop-common@2.8.2
Typemaven
Namespaceorg.apache.hadoop
Namehadoop-common
Version2.8.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.8.3
Latest_non_vulnerable_version3.3.3
Affected_by_vulnerabilities
0
url VCID-ryz9-55qq-cyd9
vulnerability_id VCID-ryz9-55qq-cyd9
summary 
Information Exposure
Vulnerability in Apache Hadoop allows a cluster user to expose private files owned by the user running the `MapReduce` job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the `MapReduce` job history server host.
references
0
reference_url https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15713
reference_id CVE-2017-15713
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-15713
2
reference_url https://github.com/advisories/GHSA-3v44-382q-55f4
reference_id GHSA-3v44-382q-55f4
reference_type
scores
url https://github.com/advisories/GHSA-3v44-382q-55f4
fixed_packages
0
url pkg:maven/org.apache.hadoop/hadoop-common@2.8.3
purl pkg:maven/org.apache.hadoop/hadoop-common@2.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.3
1
url pkg:maven/org.apache.hadoop/hadoop-common@3.0.1
purl pkg:maven/org.apache.hadoop/hadoop-common@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.0.1
aliases CVE-2017-15713, GHSA-3v44-382q-55f4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ryz9-55qq-cyd9
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.2