Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha

Type maven

Namespace org.apache.hadoop

Name hadoop-common

Version 2.0.0-alpha

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.4.0

Latest_non_vulnerable_version 3.4.0

Affected_by_vulnerabilities

url VCID-2rqy-cb3b-z3ef

vulnerability_id VCID-2rqy-cb3b-z3ef

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23454

reference_id

reference_type

scores

value	0.00104
scoring_system	epss
scoring_elements	0.27985
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23454

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url

https://github.com/apache/hadoop/commit/8c2836402fbb2f619f1fef4ef625a8542e853a64

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/8c2836402fbb2f619f1fef4ef625a8542e853a64

reference_url

https://issues.apache.org/jira/browse/HADOOP-19031

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:19:22Z/

url

https://issues.apache.org/jira/browse/HADOOP-19031

reference_url

https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:19:22Z/

url

https://lists.apache.org/thread/xlo7q8kn4tsjvx059r789oz19hzgfkfs

reference_url

https://security.netapp.com/advisory/ntap-20241101-0002

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241101-0002

reference_url

http://www.openwall.com/lists/oss-security/2024/09/25/1

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/09/25/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-23454

reference_id

CVE-2024-23454

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-23454

reference_url

https://github.com/advisories/GHSA-f5fw-25gw-5m92

reference_id

GHSA-f5fw-25gw-5m92

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f5fw-25gw-5m92

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-common@3.4.0
purl	pkg:maven/org.apache.hadoop/hadoop-common@3.4.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.4.0

aliases CVE-2024-23454, GHSA-f5fw-25gw-5m92

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rqy-cb3b-z3ef

url VCID-ggak-tqmx-vuay

vulnerability_id VCID-ggak-tqmx-vuay

summary

Exposure of Sensitive Information to an Unauthorized Actor
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5001

reference_id

reference_type

scores

value	0.00118
scoring_system	epss
scoring_elements	0.30307
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5001

reference_url

http://seclists.org/oss-sec/2016/q4/698

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2016/q4/698

reference_url

https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a@%3Cuser.flink.apache.org%3E

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a@%3Cuser.flink.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5001

reference_id

CVE-2016-5001

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5001

reference_url

https://github.com/advisories/GHSA-8r28-r8cp-g6cp

reference_id

GHSA-8r28-r8cp-g6cp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8r28-r8cp-g6cp

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-common@2.6.4

purl pkg:maven/org.apache.hadoop/hadoop-common@2.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-ax8z-33ed-g3gb

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-jd2z-gp4k-97dq

vulnerability	VCID-n2yn-xfvx-g7a2

vulnerability	VCID-nr94-ag1e-83ad

vulnerability	VCID-szub-twh3-xbd8

vulnerability	VCID-uzvk-u8b3-nuf1

vulnerability	VCID-vpk5-74e3-8fb2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.6.4

url pkg:maven/org.apache.hadoop/hadoop-common@2.7.2

purl pkg:maven/org.apache.hadoop/hadoop-common@2.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-ax8z-33ed-g3gb

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-jd2z-gp4k-97dq

vulnerability	VCID-n2yn-xfvx-g7a2

vulnerability	VCID-nr94-ag1e-83ad

vulnerability	VCID-szub-twh3-xbd8

vulnerability	VCID-uzvk-u8b3-nuf1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.7.2

aliases CVE-2016-5001, GHSA-8r28-r8cp-g6cp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggak-tqmx-vuay

url VCID-hzne-ppwz-6qeh

vulnerability_id VCID-hzne-ppwz-6qeh

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-37404

reference_id

reference_type

scores

value	0.01257
scoring_system	epss
scoring_elements	0.79699
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-37404

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url

https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo

reference_url

https://security.netapp.com/advisory/ntap-20220715-0007

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220715-0007

reference_url	https://security.netapp.com/advisory/ntap-20220715-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220715-0007/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-37404

reference_id

CVE-2021-37404

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-37404

reference_url

https://github.com/advisories/GHSA-rmpj-7c96-mrg8

reference_id

GHSA-rmpj-7c96-mrg8

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rmpj-7c96-mrg8

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-common@2.10.2

purl pkg:maven/org.apache.hadoop/hadoop-common@2.10.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.10.2

url pkg:maven/org.apache.hadoop/hadoop-common@3.2.3

purl pkg:maven/org.apache.hadoop/hadoop-common@3.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-n2yn-xfvx-g7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.3

url pkg:maven/org.apache.hadoop/hadoop-common@3.3.2

purl pkg:maven/org.apache.hadoop/hadoop-common@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-n2yn-xfvx-g7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.3.2

aliases CVE-2021-37404, GHSA-rmpj-7c96-mrg8

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hzne-ppwz-6qeh

url VCID-uzvk-u8b3-nuf1

vulnerability_id VCID-uzvk-u8b3-nuf1

summary

Insecure Inherited Permissions in  Apache Hadoop
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6811

reference_id

reference_type

scores

value	0.00538
scoring_system	epss
scoring_elements	0.67837
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6811

reference_url

https://lists.apache.org/thread.html/9ba3c12bbdfd5b2cae60909e48f92608e00c8d99196390b8cfeca307@%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/9ba3c12bbdfd5b2cae60909e48f92608e00c8d99196390b8cfeca307@%3Cgeneral.hadoop.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6811

reference_id

CVE-2016-6811

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6811

reference_url	https://github.com/advisories/GHSA-mf7c-35mq-75pj
reference_id	GHSA-mf7c-35mq-75pj
reference_type
scores
url	https://github.com/advisories/GHSA-mf7c-35mq-75pj

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-common@2.7.4

purl pkg:maven/org.apache.hadoop/hadoop-common@2.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-ax8z-33ed-g3gb

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-jd2z-gp4k-97dq

vulnerability	VCID-n2yn-xfvx-g7a2

vulnerability	VCID-nr94-ag1e-83ad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.7.4

aliases CVE-2016-6811, GHSA-mf7c-35mq-75pj

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uzvk-u8b3-nuf1

Fixing_vulnerabilities

url VCID-ax8z-33ed-g3gb

vulnerability_id VCID-ax8z-33ed-g3gb

summary

Information Exposure
Vulnerability in Apache Hadoop allows a cluster user to expose private files owned by the user running the `MapReduce` job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the `MapReduce` job history server host.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15713

reference_id

reference_type

scores

value	0.00191
scoring_system	epss
scoring_elements	0.40896
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15713

reference_url

https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15713

reference_id

CVE-2017-15713

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15713

reference_url

https://github.com/advisories/GHSA-3v44-382q-55f4

reference_id

GHSA-3v44-382q-55f4

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-3v44-382q-55f4

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha

purl pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-ggak-tqmx-vuay

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-uzvk-u8b3-nuf1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha

url pkg:maven/org.apache.hadoop/hadoop-common@2.1.0-beta

purl pkg:maven/org.apache.hadoop/hadoop-common@2.1.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-ggak-tqmx-vuay

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-jabk-tfv9-gfhx

vulnerability	VCID-jd2z-gp4k-97dq

vulnerability	VCID-n2yn-xfvx-g7a2

vulnerability	VCID-uzvk-u8b3-nuf1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.1.0-beta

url pkg:maven/org.apache.hadoop/hadoop-common@2.8.3

purl pkg:maven/org.apache.hadoop/hadoop-common@2.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-jd2z-gp4k-97dq

vulnerability	VCID-n2yn-xfvx-g7a2

vulnerability	VCID-nr94-ag1e-83ad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.3

url pkg:maven/org.apache.hadoop/hadoop-common@3.0.1

purl pkg:maven/org.apache.hadoop/hadoop-common@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-jd2z-gp4k-97dq

vulnerability	VCID-n2yn-xfvx-g7a2

vulnerability	VCID-nr94-ag1e-83ad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.0.1

aliases CVE-2017-15713, GHSA-3v44-382q-55f4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ax8z-33ed-g3gb

url VCID-jd2z-gp4k-97dq

vulnerability_id VCID-jd2z-gp4k-97dq

summary

references

reference_url

https://access.redhat.com/errata/RHSA-2019:3892

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3892

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8009

reference_id

reference_type

scores

value	0.04616
scoring_system	epss
scoring_elements	0.89433
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8009

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url	https://github.com/apache/hadoop/commit/11a425d11a329010d0ff8255ecbcd1eb51b642e
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/11a425d11a329010d0ff8255ecbcd1eb51b642e

reference_url

https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432

reference_url	https://github.com/apache/hadoop/commit/1373e3d8ad60e4da721a292912cb69243bfdf47
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/1373e3d8ad60e4da721a292912cb69243bfdf47

reference_url

https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f

reference_url

https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9

reference_url

https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde

reference_url	https://github.com/apache/hadoop/commit/6d7d192e4799b51931e55217e02baec14d49607
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/6d7d192e4799b51931e55217e02baec14d49607

reference_url	https://github.com/apache/hadoop/commit/745f203e577bacb35b042206db94615141fa5e6
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/745f203e577bacb35b042206db94615141fa5e6

reference_url	https://github.com/apache/hadoop/commit/bd98d4e77cf9f7b2f4b1afb4d5e5bad0f6b2fde
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/bd98d4e77cf9f7b2f4b1afb4d5e5bad0f6b2fde

reference_url	https://github.com/apache/hadoop/commit/cedc28d4ab2a27ba47e15ab2711218d96ec88d2
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/cedc28d4ab2a27ba47e15ab2711218d96ec88d2

reference_url	https://github.com/apache/hadoop/commit/e3236a9680709de7a95ffbc11b20e1bdc95a860
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/e3236a9680709de7a95ffbc11b20e1bdc95a860

reference_url	https://github.com/apache/hadoop/commit/eaa2b8035b584dfcf7c79a33484eb2dffd3fdb1
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/eaa2b8035b584dfcf7c79a33484eb2dffd3fdb1

reference_url

https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9

reference_url

https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop

reference_url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_url

https://snyk.io/research/zip-slip-vulnerability

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/research/zip-slip-vulnerability

reference_url

http://www.securityfocus.com/bid/105927

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105927

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-8009

reference_id

CVE-2018-8009

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-8009

reference_url

https://github.com/advisories/GHSA-6x48-j4x4-cqw3

reference_id

GHSA-6x48-j4x4-cqw3

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6x48-j4x4-cqw3

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha

purl pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-ggak-tqmx-vuay

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-uzvk-u8b3-nuf1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha

url pkg:maven/org.apache.hadoop/hadoop-common@2.7.7

purl pkg:maven/org.apache.hadoop/hadoop-common@2.7.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-ax8z-33ed-g3gb

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-n2yn-xfvx-g7a2

vulnerability	VCID-nr94-ag1e-83ad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.7.7

url pkg:maven/org.apache.hadoop/hadoop-common@2.8.5

purl pkg:maven/org.apache.hadoop/hadoop-common@2.8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-n2yn-xfvx-g7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.5

url pkg:maven/org.apache.hadoop/hadoop-common@2.9.2

purl pkg:maven/org.apache.hadoop/hadoop-common@2.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-n2yn-xfvx-g7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.9.2

url pkg:maven/org.apache.hadoop/hadoop-common@3.1.1

purl pkg:maven/org.apache.hadoop/hadoop-common@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2rqy-cb3b-z3ef

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-n2yn-xfvx-g7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.1.1

aliases CVE-2018-8009, GHSA-6x48-j4x4-cqw3

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jd2z-gp4k-97dq

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha

Package Instance