Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/42862?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42862?format=api", "vulnerability_id": "VCID-nyua-ktxa-7kf1", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nIn Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath does not resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3", "aliases": [ { "alias": "CVE-2022-26612" }, { "alias": "GHSA-gx2c-fvhc-ph4j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61295?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@2.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/61294?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/61296?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/61282?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-fxbm-rea9-t7ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/61283?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxbm-rea9-t7ac" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.3.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/512035?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-h4py-1vy2-8uhg" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/503825?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-common@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-815s-stdq-zkd7" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" }, { "vulnerability": "VCID-zcz8-71p2-8kd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/566630?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/566631?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/566632?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/566633?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/566634?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/566635?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.8.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/503806?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/566636?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/566637?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/566638?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.10.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/566639?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/503810?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@2.10.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/566640?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/566641?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/566642?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha3" }, { "url": "http://public2.vulnerablecode.io/api/packages/566643?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-alpha4" }, { "url": "http://public2.vulnerablecode.io/api/packages/566644?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0-beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/503807?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/566645?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/566646?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/566647?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/566648?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/566649?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/566650?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/566651?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/503808?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73614?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-fxbm-rea9-t7ac" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/566652?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-fxbm-rea9-t7ac" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/566653?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-fxbm-rea9-t7ac" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/61280?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ee2-6dud-gkhh" }, { "vulnerability": "VCID-fxbm-rea9-t7ac" }, { "vulnerability": "VCID-mat4-6wje-zkdz" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/61281?format=api", "purl": "pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fxbm-rea9-t7ac" }, { "vulnerability": "VCID-nyua-ktxa-7kf1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.3.2" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26612.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26612.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26612", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44634", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44611", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4468", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44687", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44665", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26612" }, { "reference_url": "https://github.com/apache/hadoop", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop" }, { "reference_url": "https://github.com/apache/hadoop/commits/rel/release-2.10.2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commits/rel/release-2.10.2/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java" }, { "reference_url": "https://github.com/apache/hadoop/commits/rel/release-3.2.3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commits/rel/release-3.2.3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java" }, { "reference_url": "https://github.com/apache/hadoop/commits/rel/release-3.3.3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commits/rel/release-3.3.3/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java" }, { "reference_url": "https://github.com/apache/hadoop/commits/rel/release-3.4.0/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/hadoop/commits/rel/release-3.4.0/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/FileUtil.java" }, { "reference_url": "https://issues.apache.org/jira/browse/HADOOP-18317", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/HADOOP-18317" }, { "reference_url": "https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyz" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220519-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220519-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220519-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220519-0004/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073923", "reference_id": "2073923", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073923" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26612", "reference_id": "CVE-2022-26612", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26612" }, { "reference_url": "https://github.com/advisories/GHSA-gx2c-fvhc-ph4j", "reference_id": "GHSA-gx2c-fvhc-ph4j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gx2c-fvhc-ph4j" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 59, "name": "Improper Link Resolution Before File Access ('Link Following')", "description": "The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 22, "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "description": "The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory." }, { "cwe_id": 281, "name": "Improper Preservation of Permissions", "description": "The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended." } ], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": "0.5", "weighted_severity": "9.0", "risk_score": 4.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyua-ktxa-7kf1" }