VulnerableCode Package Details - pkg:maven/org.apache.hadoop/hadoop-client@2.0.1-alpha

Search for packages

Vulnerability	Summary	Fixed by
VCID-1jer-fvap-a3et Aliases: CVE-2017-3162 GHSA-pr9x-qmp5-j3rr	Improper Input Validation HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace	2.7.0 Affected by 0 other vulnerabilities.
VCID-417a-z2w6-s3bq Aliases: CVE-2012-4449 GHSA-q46v-cj5v-hvg6	Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.	2.0.2 Affected by 0 other vulnerabilities. 2.0.3-alpha Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-s1ru-ts2c-ubf5 Aliases: CVE-2014-3627 GHSA-jpmf-8cj2-595g	Improper Link Resolution Before File Access in Apache Hadoop The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.	2.5.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-teju-geqm-j7cy Aliases: CVE-2017-3161 GHSA-qm7f-r83w-3p46	Cross-site Scripting The HDFS web UI in Apache Hadoop is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.	2.7.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1jer-fvap-a3et
Aliases:
CVE-2017-3162
GHSA-pr9x-qmp5-j3rr

Improper Input Validation HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace

2.7.0
Affected by 0 other vulnerabilities.

VCID-417a-z2w6-s3bq
Aliases:
CVE-2012-4449
GHSA-q46v-cj5v-hvg6

Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.

2.0.2
Affected by 0 other vulnerabilities.

2.0.3-alpha
Affected by 3 other vulnerabilities.

VCID-s1ru-ts2c-ubf5
Aliases:
CVE-2014-3627
GHSA-jpmf-8cj2-595g

Improper Link Resolution Before File Access in Apache Hadoop The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.

2.5.2
Affected by 2 other vulnerabilities.

VCID-teju-geqm-j7cy
Aliases:
CVE-2017-3161
GHSA-qm7f-r83w-3p46

Cross-site Scripting The HDFS web UI in Apache Hadoop is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.

2.7.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6x8y-ffja-k3cw	Client BlockTokens not checked in Apache Hadoop DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.	CVE-2012-3376 GHSA-qmh2-h7r6-gm6q

Vulnerability

Summary

Aliases

VCID-6x8y-ffja-k3cw

Client BlockTokens not checked in Apache Hadoop DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.

CVE-2012-3376
GHSA-qmh2-h7r6-gm6q

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:54:38.264118+00:00	GitLab Importer	Affected by	VCID-417a-z2w6-s3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2012-4449.yml	38.4.0
2026-04-16T21:53:44.915820+00:00	GitLab Importer	Fixing	VCID-6x8y-ffja-k3cw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2012-3376.yml	38.4.0
2026-04-16T21:53:23.970645+00:00	GitLab Importer	Affected by	VCID-s1ru-ts2c-ubf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2014-3627.yml	38.4.0
2026-04-16T21:48:18.652945+00:00	GitLab Importer	Affected by	VCID-1jer-fvap-a3et	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3162.yml	38.4.0
2026-04-16T21:47:11.859304+00:00	GitLab Importer	Affected by	VCID-teju-geqm-j7cy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3161.yml	38.4.0
2026-04-11T23:09:56.404916+00:00	GitLab Importer	Affected by	VCID-417a-z2w6-s3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2012-4449.yml	38.3.0
2026-04-11T23:09:09.968557+00:00	GitLab Importer	Fixing	VCID-6x8y-ffja-k3cw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2012-3376.yml	38.3.0
2026-04-11T23:08:53.953877+00:00	GitLab Importer	Affected by	VCID-s1ru-ts2c-ubf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2014-3627.yml	38.3.0
2026-04-11T23:04:12.060007+00:00	GitLab Importer	Affected by	VCID-1jer-fvap-a3et	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3162.yml	38.3.0
2026-04-11T23:03:01.001971+00:00	GitLab Importer	Affected by	VCID-teju-geqm-j7cy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3161.yml	38.3.0
2026-04-04T14:31:23.982445+00:00	GHSA Importer	Fixing	VCID-6x8y-ffja-k3cw	https://github.com/advisories/GHSA-qmh2-h7r6-gm6q	38.1.0
2026-04-02T23:18:40.823990+00:00	GitLab Importer	Affected by	VCID-417a-z2w6-s3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2012-4449.yml	38.1.0
2026-04-02T23:17:53.002793+00:00	GitLab Importer	Fixing	VCID-6x8y-ffja-k3cw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2012-3376.yml	38.1.0
2026-04-02T23:17:33.200757+00:00	GitLab Importer	Affected by	VCID-s1ru-ts2c-ubf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2014-3627.yml	38.1.0
2026-04-02T23:12:33.623540+00:00	GitLab Importer	Affected by	VCID-1jer-fvap-a3et	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3162.yml	38.1.0
2026-04-02T23:11:24.956376+00:00	GitLab Importer	Affected by	VCID-teju-geqm-j7cy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3161.yml	38.1.0
2026-04-01T17:39:01.967769+00:00	GitLab Importer	Affected by	VCID-417a-z2w6-s3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2012-4449.yml	38.0.0
2026-04-01T17:38:07.704710+00:00	GitLab Importer	Fixing	VCID-6x8y-ffja-k3cw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2012-3376.yml	38.0.0
2026-04-01T17:37:44.928075+00:00	GitLab Importer	Affected by	VCID-s1ru-ts2c-ubf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2014-3627.yml	38.0.0
2026-04-01T17:32:29.288346+00:00	GitLab Importer	Affected by	VCID-1jer-fvap-a3et	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3162.yml	38.0.0
2026-04-01T17:31:16.529463+00:00	GitLab Importer	Affected by	VCID-teju-geqm-j7cy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3161.yml	38.0.0
2026-04-01T13:10:14.234256+00:00	GithubOSV Importer	Fixing	VCID-6x8y-ffja-k3cw	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qmh2-h7r6-gm6q/GHSA-qmh2-h7r6-gm6q.json	38.0.0