Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.hadoop/hadoop-client@1.0.0
purl pkg:maven/org.apache.hadoop/hadoop-client@1.0.0
Tags Ghost
Next non-vulnerable version 2.7.0
Latest non-vulnerable version 2.7.0
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-417a-z2w6-s3bq
Aliases:
CVE-2012-4449
GHSA-q46v-cj5v-hvg6
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.
1.0.4
Affected by 2 other vulnerabilities.
2.0.2
Affected by 0 other vulnerabilities.
2.0.3-alpha
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:31:05.340465+00:00 GHSA Importer Affected by VCID-417a-z2w6-s3bq https://github.com/advisories/GHSA-q46v-cj5v-hvg6 38.1.0
2026-04-03T21:26:06.987934+00:00 GitLab Importer Affected by VCID-417a-z2w6-s3bq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2012-4449.yml 38.1.0