Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.hadoop/hadoop-main@2.9.0
Typemaven
Namespaceorg.apache.hadoop
Namehadoop-main
Version2.9.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.9.1
Latest_non_vulnerable_version3.3.5
Affected_by_vulnerabilities
0
url VCID-371e-cg9e-tydr
vulnerability_id VCID-371e-cg9e-tydr
summary 
Improper Privilege Management
Apache Hadoop blocks users or grants access to users incorrectly, if the system uses non-default groups mapping mechanisms.
references
0
reference_url https://lists.apache.org/thread.html/246cf223e7dc0c1dff90b78dccb6c3fe94e1a044dbf98e2333393302@%3Ccommon-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/246cf223e7dc0c1dff90b78dccb6c3fe94e1a044dbf98e2333393302@%3Ccommon-issues.hadoop.apache.org%3E
1
reference_url https://lists.apache.org/thread.html/5a44590b4eedc5e25f5bd3081d1631b52c174b5b99157f7950ddc270@%3Ccommon-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5a44590b4eedc5e25f5bd3081d1631b52c174b5b99157f7950ddc270@%3Ccommon-dev.hadoop.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/5fb771f66946dd5c99a8a5713347c24873846f555d716f9ac17bccca@%3Cgeneral.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/5fb771f66946dd5c99a8a5713347c24873846f555d716f9ac17bccca@%3Cgeneral.hadoop.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
4
reference_url https://security.netapp.com/advisory/ntap-20190416-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190416-0009/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11767
reference_id CVE-2018-11767
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-11767
6
reference_url https://github.com/advisories/GHSA-5cf4-jqwp-584g
reference_id GHSA-5cf4-jqwp-584g
reference_type
scores
url https://github.com/advisories/GHSA-5cf4-jqwp-584g
fixed_packages
0
url pkg:maven/org.apache.hadoop/hadoop-main@2.9.2
purl pkg:maven/org.apache.hadoop/hadoop-main@2.9.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.2
aliases CVE-2018-11767, GHSA-5cf4-jqwp-584g
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-371e-cg9e-tydr
1
url VCID-5cvy-3bve-xkg7
vulnerability_id VCID-5cvy-3bve-xkg7
summary 
Privilege escalation
A user who can escalate to yarn user can possibly run arbitrary commands as root user.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029
1
reference_url https://lists.apache.org/thread.html/0b8d58e02dbd0fb8bf7320c514fe58da1d6728bdc150f1ba04e0d9fc@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/0b8d58e02dbd0fb8bf7320c514fe58da1d6728bdc150f1ba04e0d9fc@%3Cissues.hbase.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/17084c09e6dedf60efe08028b429c92ffd28aacc28454e4fa924578a@%3Cgeneral.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/17084c09e6dedf60efe08028b429c92ffd28aacc28454e4fa924578a@%3Cgeneral.hadoop.apache.org%3E
3
reference_url https://lists.apache.org/thread.html/a0164b87660223a2d491f83c88f905fe1a9fa8dc795148d9b0d968c8@%3Cdev.hbase.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/a0164b87660223a2d491f83c88f905fe1a9fa8dc795148d9b0d968c8@%3Cdev.hbase.apache.org%3E
4
reference_url https://lists.apache.org/thread.html/a97c53a81e639ca2fc7b8f61a4fcd1842c2a78544041244a7c624727@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/a97c53a81e639ca2fc7b8f61a4fcd1842c2a78544041244a7c624727@%3Cissues.hbase.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E
7
reference_url https://security.netapp.com/advisory/ntap-20190617-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190617-0001/
8
reference_url https://www.openwall.com/lists/oss-security/2019/05/30/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2019/05/30/1
9
reference_url http://www.securityfocus.com/bid/108518
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/108518
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8029
reference_id CVE-2018-8029
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-8029
11
reference_url https://github.com/advisories/GHSA-37pw-qw47-4jxm
reference_id GHSA-37pw-qw47-4jxm
reference_type
scores
url https://github.com/advisories/GHSA-37pw-qw47-4jxm
fixed_packages
0
url pkg:maven/org.apache.hadoop/hadoop-main@2.9.2
purl pkg:maven/org.apache.hadoop/hadoop-main@2.9.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.2
1
url pkg:maven/org.apache.hadoop/hadoop-main@3.1.1
purl pkg:maven/org.apache.hadoop/hadoop-main@3.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.1
aliases CVE-2018-8029, GHSA-37pw-qw47-4jxm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5cvy-3bve-xkg7
2
url VCID-66vn-51hs-kudx
vulnerability_id VCID-66vn-51hs-kudx
summary 
Information Exposure
In Apache Hadoop, HDFS exposes extended attribute key/value pairs during `listXAttrs`, verifying only path-level search access to the directory rather than path-level read permission to the referent.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1296
reference_id CVE-2018-1296
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1296
fixed_packages
0
url pkg:maven/org.apache.hadoop/hadoop-main@2.9.1
purl pkg:maven/org.apache.hadoop/hadoop-main@2.9.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.1
1
url pkg:maven/org.apache.hadoop/hadoop-main@3.0.1
purl pkg:maven/org.apache.hadoop/hadoop-main@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.0.1
aliases CVE-2018-1296
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66vn-51hs-kudx
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.0