Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hadoop/hadoop-common@2.4.1

Type maven

Namespace org.apache.hadoop

Name hadoop-common

Version 2.4.1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.4.1

Latest_non_vulnerable_version 3.3.3

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-jabk-tfv9-gfhx

vulnerability_id VCID-jabk-tfv9-gfhx

summary

Improper Authentication in Apache Hadoop
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0229

reference_id

reference_type

scores

value	0.00461
scoring_system	epss
scoring_elements	0.6445
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0229

reference_url	https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r
reference_id
reference_type
scores
url	https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2014-0229
reference_id	CVE-2014-0229
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2014-0229

reference_url	https://github.com/advisories/GHSA-9r7g-325h-mxrm
reference_id	GHSA-9r7g-325h-mxrm
reference_type
scores
url	https://github.com/advisories/GHSA-9r7g-325h-mxrm

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-common@0.23.11

purl pkg:maven/org.apache.hadoop/hadoop-common@0.23.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ax8z-33ed-g3gb

vulnerability	VCID-jd2z-gp4k-97dq

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@0.23.11

url	pkg:maven/org.apache.hadoop/hadoop-common@2.4.1
purl	pkg:maven/org.apache.hadoop/hadoop-common@2.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.4.1

aliases CVE-2014-0229, GHSA-9r7g-325h-mxrm

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jabk-tfv9-gfhx

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.4.1

Package Instance