VulnerableCode Package Details - pkg:maven/org.apache.hadoop/hadoop-client@2.5.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-1jer-fvap-a3et Aliases: CVE-2017-3162 GHSA-pr9x-qmp5-j3rr	Improper Input Validation HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace	2.7.0 Affected by 0 other vulnerabilities.
VCID-teju-geqm-j7cy Aliases: CVE-2017-3161 GHSA-qm7f-r83w-3p46	Cross-site Scripting The HDFS web UI in Apache Hadoop is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.	2.7.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1jer-fvap-a3et
Aliases:
CVE-2017-3162
GHSA-pr9x-qmp5-j3rr

Improper Input Validation HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace

2.7.0
Affected by 0 other vulnerabilities.

VCID-teju-geqm-j7cy
Aliases:
CVE-2017-3161
GHSA-qm7f-r83w-3p46

Cross-site Scripting The HDFS web UI in Apache Hadoop is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.

2.7.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-s1ru-ts2c-ubf5	Improper Link Resolution Before File Access in Apache Hadoop The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.	CVE-2014-3627 GHSA-jpmf-8cj2-595g

Vulnerability

Summary

Aliases

VCID-s1ru-ts2c-ubf5

Improper Link Resolution Before File Access in Apache Hadoop The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.

CVE-2014-3627
GHSA-jpmf-8cj2-595g

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:53:24.016543+00:00	GitLab Importer	Fixing	VCID-s1ru-ts2c-ubf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2014-3627.yml	38.4.0
2026-04-16T21:48:18.705333+00:00	GitLab Importer	Affected by	VCID-1jer-fvap-a3et	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3162.yml	38.4.0
2026-04-16T21:47:11.906941+00:00	GitLab Importer	Affected by	VCID-teju-geqm-j7cy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3161.yml	38.4.0
2026-04-11T23:08:53.976920+00:00	GitLab Importer	Fixing	VCID-s1ru-ts2c-ubf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2014-3627.yml	38.3.0
2026-04-11T23:04:12.112227+00:00	GitLab Importer	Affected by	VCID-1jer-fvap-a3et	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3162.yml	38.3.0
2026-04-11T23:03:01.055039+00:00	GitLab Importer	Affected by	VCID-teju-geqm-j7cy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3161.yml	38.3.0
2026-04-04T14:31:39.900333+00:00	GHSA Importer	Fixing	VCID-s1ru-ts2c-ubf5	https://github.com/advisories/GHSA-jpmf-8cj2-595g	38.1.0
2026-04-02T23:17:33.247080+00:00	GitLab Importer	Fixing	VCID-s1ru-ts2c-ubf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2014-3627.yml	38.1.0
2026-04-02T23:12:33.668739+00:00	GitLab Importer	Affected by	VCID-1jer-fvap-a3et	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3162.yml	38.1.0
2026-04-02T23:11:25.002268+00:00	GitLab Importer	Affected by	VCID-teju-geqm-j7cy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3161.yml	38.1.0
2026-04-01T17:37:44.985059+00:00	GitLab Importer	Fixing	VCID-s1ru-ts2c-ubf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2014-3627.yml	38.0.0
2026-04-01T17:32:29.339842+00:00	GitLab Importer	Affected by	VCID-1jer-fvap-a3et	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3162.yml	38.0.0
2026-04-01T17:31:16.593855+00:00	GitLab Importer	Affected by	VCID-teju-geqm-j7cy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-client/CVE-2017-3161.yml	38.0.0
2026-04-01T13:07:41.973657+00:00	GithubOSV Importer	Fixing	VCID-s1ru-ts2c-ubf5	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jpmf-8cj2-595g/GHSA-jpmf-8cj2-595g.json	38.0.0