Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.3

Type maven

Namespace org.apache.hadoop

Name hadoop-yarn-server-nodemanager

Version 2.7.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.7.5

Latest_non_vulnerable_version 3.3.5

Affected_by_vulnerabilities

url VCID-db4t-grfx-eqc6

vulnerability_id VCID-db4t-grfx-eqc6

summary

Information Exposure
The YARN NodeManager in Apache Hadoop can leak the password for credential store provider used by the NodeManager to YARN Applications.

references

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-15718
reference_id	CVE-2017-15718
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-15718

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.5
purl	pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.5

aliases CVE-2017-15718

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-db4t-grfx-eqc6

Fixing_vulnerabilities

url VCID-d6w1-2fxm-vqgf

vulnerability_id VCID-d6w1-2fxm-vqgf

summary

Exposure of Sensitive Information to an Unauthorized Actor
The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.

references

reference_url	http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E
reference_id
reference_type
scores
url	http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E

reference_url	http://www.securityfocus.com/bid/95335
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95335

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-3086
reference_id	CVE-2016-3086
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-3086

reference_url	https://github.com/advisories/GHSA-895m-ww55-59vw
reference_id	GHSA-895m-ww55-59vw
reference_type
scores
url	https://github.com/advisories/GHSA-895m-ww55-59vw

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.5
purl	pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.5

url pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.3

purl pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-db4t-grfx-eqc6

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.3

aliases CVE-2016-3086, GHSA-895m-ww55-59vw

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6w1-2fxm-vqgf

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.3

Package Instance