Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hadoop/hadoop-main@3.1.4

Type maven

Namespace org.apache.hadoop

Name hadoop-main

Version 3.1.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.2.4

Latest_non_vulnerable_version 3.3.5

Affected_by_vulnerabilities

url VCID-815s-stdq-zkd7

vulnerability_id VCID-815s-stdq-zkd7

summary hadoop: Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25168.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25168.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25168

reference_id

reference_type

scores

value	0.03008
scoring_system	epss
scoring_elements	0.8686
published_at	2026-06-05T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86837
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25168

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url

https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746

reference_url

https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25168

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25168

reference_url

https://security.netapp.com/advisory/ntap-20220915-0007

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220915-0007

reference_url	https://security.netapp.com/advisory/ntap-20220915-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220915-0007/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2119084
reference_id	2119084
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2119084

reference_url

https://github.com/advisories/GHSA-8wm5-8h9c-47pc

reference_id

GHSA-8wm5-8h9c-47pc

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8wm5-8h9c-47pc

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-main@3.2.4
purl	pkg:maven/org.apache.hadoop/hadoop-main@3.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.2.4

url pkg:maven/org.apache.hadoop/hadoop-main@3.3.3

purl pkg:maven/org.apache.hadoop/hadoop-main@3.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-z97m-zrtk-7qcs

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.3.3

aliases CVE-2022-25168, GHSA-8wm5-8h9c-47pc

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-815s-stdq-zkd7

Fixing_vulnerabilities

url VCID-h4py-1vy2-8uhg

vulnerability_id VCID-h4py-1vy2-8uhg

summary

Incorrect Authorization
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9492.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9492.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9492

reference_id

reference_type

scores

value	0.0011
scoring_system	epss
scoring_elements	0.28957
published_at	2026-06-05T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.28886
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9492

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url

https://github.com/apache/hadoop/commit/ca65409836d2949e9a9408d40bec0177b414cd5d

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/ca65409836d2949e9a9408d40bec0177b414cd5d

reference_url

https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20210304-0001

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210304-0001

reference_url	https://security.netapp.com/advisory/ntap-20210304-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210304-0001/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1925237
reference_id	1925237
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1925237

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-9492

reference_id

CVE-2020-9492

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-9492

reference_url

https://github.com/advisories/GHSA-f8vc-wfc8-hxqh

reference_id

GHSA-f8vc-wfc8-hxqh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f8vc-wfc8-hxqh

reference_url	https://access.redhat.com/errata/RHSA-2022:5606
reference_id	RHSA-2022:5606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5606

reference_url	https://access.redhat.com/errata/RHSA-2022:6407
reference_id	RHSA-2022:6407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6407

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-main@2.10.1

purl pkg:maven/org.apache.hadoop/hadoop-main@2.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-815s-stdq-zkd7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.10.1

url pkg:maven/org.apache.hadoop/hadoop-main@3.1.4

purl pkg:maven/org.apache.hadoop/hadoop-main@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-815s-stdq-zkd7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.4

url pkg:maven/org.apache.hadoop/hadoop-main@3.2.2

purl pkg:maven/org.apache.hadoop/hadoop-main@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-815s-stdq-zkd7

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.2.2

aliases CVE-2020-9492, GHSA-f8vc-wfc8-hxqh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h4py-1vy2-8uhg

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.4

Package Instance