Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hadoop/hadoop-common@2.10.2

Type maven

Namespace org.apache.hadoop

Name hadoop-common

Version 2.10.2

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.1.1

Latest_non_vulnerable_version 3.3.3

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-7gck-cdzs-eyhf

vulnerability_id VCID-7gck-cdzs-eyhf

summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath does not resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-26612

reference_id

reference_type

scores

value	0.0022
scoring_system	epss
scoring_elements	0.44612
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-26612

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url

https://github.com/apache/hadoop/commits/rel/release-2.10.2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commits/rel/release-2.10.2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java

reference_url

https://github.com/apache/hadoop/commits/rel/release-3.2.3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commits/rel/release-3.2.3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java

reference_url

https://github.com/apache/hadoop/commits/rel/release-3.3.3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commits/rel/release-3.3.3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java

reference_url

https://github.com/apache/hadoop/commits/rel/release-3.4.0/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commits/rel/release-3.4.0/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java

reference_url

https://issues.apache.org/jira/browse/HADOOP-18317

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/HADOOP-18317

reference_url

https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz

reference_url

https://security.netapp.com/advisory/ntap-20220519-0004

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220519-0004

reference_url	https://security.netapp.com/advisory/ntap-20220519-0004/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220519-0004/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-26612

reference_id

CVE-2022-26612

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-26612

reference_url

https://github.com/advisories/GHSA-gx2c-fvhc-ph4j

reference_id

GHSA-gx2c-fvhc-ph4j

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gx2c-fvhc-ph4j

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-common@2.10.2
purl	pkg:maven/org.apache.hadoop/hadoop-common@2.10.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.10.2

url	pkg:maven/org.apache.hadoop/hadoop-common@3.2.3
purl	pkg:maven/org.apache.hadoop/hadoop-common@3.2.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.3

url	pkg:maven/org.apache.hadoop/hadoop-common@3.3.3
purl	pkg:maven/org.apache.hadoop/hadoop-common@3.3.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.3.3

aliases CVE-2022-26612, GHSA-gx2c-fvhc-ph4j

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7gck-cdzs-eyhf

url VCID-hzne-ppwz-6qeh

vulnerability_id VCID-hzne-ppwz-6qeh

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-37404

reference_id

reference_type

scores

value	0.01257
scoring_system	epss
scoring_elements	0.79699
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-37404

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url

https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo

reference_url

https://security.netapp.com/advisory/ntap-20220715-0007

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220715-0007

reference_url	https://security.netapp.com/advisory/ntap-20220715-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220715-0007/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-37404

reference_id

CVE-2021-37404

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-37404

reference_url

https://github.com/advisories/GHSA-rmpj-7c96-mrg8

reference_id

GHSA-rmpj-7c96-mrg8

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rmpj-7c96-mrg8

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-common@3.3.2
purl	pkg:maven/org.apache.hadoop/hadoop-common@3.3.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.3.2

url	pkg:maven/org.apache.hadoop/hadoop-common@2.10.2
purl	pkg:maven/org.apache.hadoop/hadoop-common@2.10.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.10.2

url	pkg:maven/org.apache.hadoop/hadoop-common@3.2.3
purl	pkg:maven/org.apache.hadoop/hadoop-common@3.2.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.3

aliases CVE-2021-37404, GHSA-rmpj-7c96-mrg8

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hzne-ppwz-6qeh

url VCID-n2yn-xfvx-g7a2

vulnerability_id VCID-n2yn-xfvx-g7a2

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25168

reference_id

reference_type

scores

value	0.03008
scoring_system	epss
scoring_elements	0.86821
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25168

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url

https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746

reference_url

https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130

reference_url

https://security.netapp.com/advisory/ntap-20220915-0007

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220915-0007

reference_url	https://security.netapp.com/advisory/ntap-20220915-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220915-0007/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25168

reference_id

CVE-2022-25168

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25168

reference_url

https://github.com/advisories/GHSA-8wm5-8h9c-47pc

reference_id

GHSA-8wm5-8h9c-47pc

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8wm5-8h9c-47pc

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-common@3.2.4
purl	pkg:maven/org.apache.hadoop/hadoop-common@3.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.4

url	pkg:maven/org.apache.hadoop/hadoop-common@2.10.2
purl	pkg:maven/org.apache.hadoop/hadoop-common@2.10.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.10.2

url	pkg:maven/org.apache.hadoop/hadoop-common@3.3.3
purl	pkg:maven/org.apache.hadoop/hadoop-common@3.3.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.3.3

aliases CVE-2022-25168, GHSA-8wm5-8h9c-47pc

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2yn-xfvx-g7a2

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.10.2

Package Instance