Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.hadoop/hadoop-main@2.8.3
Typemaven
Namespaceorg.apache.hadoop
Namehadoop-main
Version2.8.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.8.4
Latest_non_vulnerable_version3.3.5
Affected_by_vulnerabilities
0
url VCID-371e-cg9e-tydr
vulnerability_id VCID-371e-cg9e-tydr
summary 
Improper Privilege Management
Apache Hadoop blocks users or grants access to users incorrectly, if the system uses non-default groups mapping mechanisms.
references
0
reference_url https://lists.apache.org/thread.html/246cf223e7dc0c1dff90b78dccb6c3fe94e1a044dbf98e2333393302@%3Ccommon-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/246cf223e7dc0c1dff90b78dccb6c3fe94e1a044dbf98e2333393302@%3Ccommon-issues.hadoop.apache.org%3E
1
reference_url https://lists.apache.org/thread.html/5a44590b4eedc5e25f5bd3081d1631b52c174b5b99157f7950ddc270@%3Ccommon-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5a44590b4eedc5e25f5bd3081d1631b52c174b5b99157f7950ddc270@%3Ccommon-dev.hadoop.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/5fb771f66946dd5c99a8a5713347c24873846f555d716f9ac17bccca@%3Cgeneral.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5fb771f66946dd5c99a8a5713347c24873846f555d716f9ac17bccca@%3Cgeneral.hadoop.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
4
reference_url https://security.netapp.com/advisory/ntap-20190416-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190416-0009/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11767
reference_id CVE-2018-11767
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-11767
6
reference_url https://github.com/advisories/GHSA-5cf4-jqwp-584g
reference_id GHSA-5cf4-jqwp-584g
reference_type
scores
url https://github.com/advisories/GHSA-5cf4-jqwp-584g
fixed_packages
0
url pkg:maven/org.apache.hadoop/hadoop-main@2.8.5
purl pkg:maven/org.apache.hadoop/hadoop-main@2.8.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.5
1
url pkg:maven/org.apache.hadoop/hadoop-main@2.9.2
purl pkg:maven/org.apache.hadoop/hadoop-main@2.9.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.2
aliases CVE-2018-11767, GHSA-5cf4-jqwp-584g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-371e-cg9e-tydr
1
url VCID-66vn-51hs-kudx
vulnerability_id VCID-66vn-51hs-kudx
summary 
Information Exposure
In Apache Hadoop, HDFS exposes extended attribute key/value pairs during `listXAttrs`, verifying only path-level search access to the directory rather than path-level read permission to the referent.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1296
reference_id CVE-2018-1296
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1296
fixed_packages
0
url pkg:maven/org.apache.hadoop/hadoop-main@2.8.4
purl pkg:maven/org.apache.hadoop/hadoop-main@2.8.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.4
1
url pkg:maven/org.apache.hadoop/hadoop-main@2.9.1
purl pkg:maven/org.apache.hadoop/hadoop-main@2.9.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.1
2
url pkg:maven/org.apache.hadoop/hadoop-main@3.0.1
purl pkg:maven/org.apache.hadoop/hadoop-main@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.0.1
aliases CVE-2018-1296
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66vn-51hs-kudx
Fixing_vulnerabilities
0
url VCID-ryz9-55qq-cyd9
vulnerability_id VCID-ryz9-55qq-cyd9
summary 
Information Exposure
Vulnerability in Apache Hadoop allows a cluster user to expose private files owned by the user running the `MapReduce` job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the `MapReduce` job history server host.
references
0
reference_url https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15713
reference_id CVE-2017-15713
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-15713
2
reference_url https://github.com/advisories/GHSA-3v44-382q-55f4
reference_id GHSA-3v44-382q-55f4
reference_type
scores
url https://github.com/advisories/GHSA-3v44-382q-55f4
fixed_packages
0
url pkg:maven/org.apache.hadoop/hadoop-main@2.7.5
purl pkg:maven/org.apache.hadoop/hadoop-main@2.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-371e-cg9e-tydr
1
vulnerability VCID-66vn-51hs-kudx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.7.5
1
url pkg:maven/org.apache.hadoop/hadoop-main@2.8.3
purl pkg:maven/org.apache.hadoop/hadoop-main@2.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-371e-cg9e-tydr
1
vulnerability VCID-66vn-51hs-kudx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.3
aliases CVE-2017-15713, GHSA-3v44-382q-55f4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ryz9-55qq-cyd9
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.3