Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hadoop/hadoop-common@2.8.4

Type maven

Namespace org.apache.hadoop

Name hadoop-common

Version 2.8.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.8.5

Latest_non_vulnerable_version 3.3.3

Affected_by_vulnerabilities

url VCID-5cvy-3bve-xkg7

vulnerability_id VCID-5cvy-3bve-xkg7

summary

Privilege escalation
A user who can escalate to yarn user can possibly run arbitrary commands as root user.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029

reference_url	https://lists.apache.org/thread.html/0b8d58e02dbd0fb8bf7320c514fe58da1d6728bdc150f1ba04e0d9fc@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/0b8d58e02dbd0fb8bf7320c514fe58da1d6728bdc150f1ba04e0d9fc@%3Cissues.hbase.apache.org%3E

reference_url	https://lists.apache.org/thread.html/17084c09e6dedf60efe08028b429c92ffd28aacc28454e4fa924578a@%3Cgeneral.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/17084c09e6dedf60efe08028b429c92ffd28aacc28454e4fa924578a@%3Cgeneral.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/a0164b87660223a2d491f83c88f905fe1a9fa8dc795148d9b0d968c8@%3Cdev.hbase.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/a0164b87660223a2d491f83c88f905fe1a9fa8dc795148d9b0d968c8@%3Cdev.hbase.apache.org%3E

reference_url	https://lists.apache.org/thread.html/a97c53a81e639ca2fc7b8f61a4fcd1842c2a78544041244a7c624727@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/a97c53a81e639ca2fc7b8f61a4fcd1842c2a78544041244a7c624727@%3Cissues.hbase.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_url	https://security.netapp.com/advisory/ntap-20190617-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190617-0001/

reference_url	https://www.openwall.com/lists/oss-security/2019/05/30/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2019/05/30/1

reference_url	http://www.securityfocus.com/bid/108518
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/108518

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-8029
reference_id	CVE-2018-8029
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-8029

reference_url	https://github.com/advisories/GHSA-37pw-qw47-4jxm
reference_id	GHSA-37pw-qw47-4jxm
reference_type
scores
url	https://github.com/advisories/GHSA-37pw-qw47-4jxm

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-common@2.8.5
purl	pkg:maven/org.apache.hadoop/hadoop-common@2.8.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.5

url	pkg:maven/org.apache.hadoop/hadoop-common@2.9.2
purl	pkg:maven/org.apache.hadoop/hadoop-common@2.9.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.9.2

url	pkg:maven/org.apache.hadoop/hadoop-common@3.1.1
purl	pkg:maven/org.apache.hadoop/hadoop-common@3.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.1.1

aliases CVE-2018-8029, GHSA-37pw-qw47-4jxm

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5cvy-3bve-xkg7

url VCID-e4bh-g4w9-huax

vulnerability_id VCID-e4bh-g4w9-huax

summary

Path Traversal
Apache Hadoop is exploitable via the zip slip vulnerability in locations that accept a zip file.

references

reference_url	https://access.redhat.com/errata/RHSA-2019:3892
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3892

reference_url	https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop
reference_id
reference_type
scores
url	https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop

reference_url	https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_url	https://snyk.io/research/zip-slip-vulnerability
reference_id
reference_type
scores
url	https://snyk.io/research/zip-slip-vulnerability

reference_url	http://www.securityfocus.com/bid/105927
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105927

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-8009
reference_id	CVE-2018-8009
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-8009

reference_url	https://github.com/advisories/GHSA-6x48-j4x4-cqw3
reference_id	GHSA-6x48-j4x4-cqw3
reference_type
scores
url	https://github.com/advisories/GHSA-6x48-j4x4-cqw3

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-common@2.8.5
purl	pkg:maven/org.apache.hadoop/hadoop-common@2.8.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.5

url	pkg:maven/org.apache.hadoop/hadoop-common@2.9.2
purl	pkg:maven/org.apache.hadoop/hadoop-common@2.9.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.9.2

url	pkg:maven/org.apache.hadoop/hadoop-common@3.1.1
purl	pkg:maven/org.apache.hadoop/hadoop-common@3.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.1.1

aliases CVE-2018-8009, GHSA-6x48-j4x4-cqw3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4bh-g4w9-huax

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.4

Package Instance