Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/13675?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13675?format=api", "vulnerability_id": "VCID-s95m-v2xc-ayen", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nIn Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath does not resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3", "aliases": [ { "alias": "CVE-2022-26612" }, { "alias": "GHSA-gx2c-fvhc-ph4j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48648?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3fz1-e6n6-rfh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/48645?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/48650?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3fz1-e6n6-rfh6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/48595?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a7g7-weay-bqa1" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/48596?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a7g7-weay-bqa1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.3.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/143245?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-1xbr-pekw-ukcn" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/143346?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-3fz1-e6n6-rfh6" }, { "vulnerability": "VCID-a8xd-ukj7-tqbk" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/293034?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/293035?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/293036?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/293037?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/293038?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/293039?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/293040?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/293041?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/293042?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/293043?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/293044?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/293045?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/293046?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/293047?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/293048?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha3" }, { "url": "http://public2.vulnerablecode.io/api/packages/293049?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha4" }, { "url": "http://public2.vulnerablecode.io/api/packages/293050?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/293051?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/293052?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/293053?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/293054?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/293055?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/293056?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/293057?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/293058?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/293059?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/67537?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-a7g7-weay-bqa1" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/293060?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-a7g7-weay-bqa1" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/293061?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-a7g7-weay-bqa1" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/48592?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h2m-ywk8-b7dm" }, { "vulnerability": "VCID-a7g7-weay-bqa1" }, { "vulnerability": "VCID-d4z5-7jk1-j3b7" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/48593?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a7g7-weay-bqa1" }, { "vulnerability": "VCID-s95m-v2xc-ayen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.3.2" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26612.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26612.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26612", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40683", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40766", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40761", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40791", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40747", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40771", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40799", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40724", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40774", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40781", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.408", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26612" }, { "reference_url": "https://github.com/apache/hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop" }, { "reference_url": "https://github.com/apache/hadoop/commits/rel/release-2.10.2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commits/rel/release-2.10.2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java" }, { "reference_url": "https://github.com/apache/hadoop/commits/rel/release-3.2.3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commits/rel/release-3.2.3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java" }, { "reference_url": "https://github.com/apache/hadoop/commits/rel/release-3.3.3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commits/rel/release-3.3.3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java" }, { "reference_url": "https://github.com/apache/hadoop/commits/rel/release-3.4.0/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commits/rel/release-3.4.0/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java" }, { "reference_url": "https://issues.apache.org/jira/browse/HADOOP-18317", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/HADOOP-18317" }, { "reference_url": "https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220519-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220519-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220519-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220519-0004/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073923", "reference_id": "2073923", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073923" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26612", "reference_id": "CVE-2022-26612", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26612" }, { "reference_url": "https://github.com/advisories/GHSA-gx2c-fvhc-ph4j", "reference_id": "GHSA-gx2c-fvhc-ph4j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gx2c-fvhc-ph4j" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 59, "name": "Improper Link Resolution Before File Access ('Link Following')", "description": "The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 22, "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory." }, { "cwe_id": 281, "name": "Improper Preservation of Permissions", "description": "The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended." } ], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": "0.5", "weighted_severity": "9.0", "risk_score": 4.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s95m-v2xc-ayen" }