Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.hadoop/hadoop-common@3.0.0-alpha3
purl pkg:maven/org.apache.hadoop/hadoop-common@3.0.0-alpha3
Next non-vulnerable version 3.4.0
Latest non-vulnerable version 3.4.0
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-3fz1-e6n6-rfh6
Aliases:
CVE-2024-23454
GHSA-f5fw-25gw-5m92
Apache Hadoop: Temporary File Local Information Disclosure Apache Hadoop’s `RunJar.run()` does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared between all local users. As such, files written in this directory, without setting the correct posix permissions explicitly, may be viewable by all other local users.
3.4.0
Affected by 0 other vulnerabilities.
VCID-6fnh-mjwd-9qee
Aliases:
CVE-2018-8029
GHSA-37pw-qw47-4jxm
Privilege escalation A user who can escalate to yarn user can possibly run arbitrary commands as root user.
3.1.1
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-ncuc-8grw-ubep In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. CVE-2017-7669
GHSA-h24p-qwf4-84q8

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T23:09:35.449855+00:00 GitLab Importer Affected by VCID-3fz1-e6n6-rfh6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2024-23454.yml 38.4.0
2026-04-16T20:54:47.839119+00:00 GitLab Importer Affected by VCID-6fnh-mjwd-9qee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2018-8029.yml 38.4.0
2026-04-12T00:27:50.058159+00:00 GitLab Importer Affected by VCID-3fz1-e6n6-rfh6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2024-23454.yml 38.3.0
2026-04-11T22:05:46.938632+00:00 GitLab Importer Affected by VCID-6fnh-mjwd-9qee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2018-8029.yml 38.3.0
2026-04-04T14:31:22.022827+00:00 GHSA Importer Fixing VCID-ncuc-8grw-ubep https://github.com/advisories/GHSA-h24p-qwf4-84q8 38.1.0
2026-04-03T00:35:32.869482+00:00 GitLab Importer Affected by VCID-3fz1-e6n6-rfh6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2024-23454.yml 38.1.0
2026-04-02T22:18:36.790624+00:00 GitLab Importer Affected by VCID-6fnh-mjwd-9qee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2018-8029.yml 38.1.0
2026-04-01T16:36:21.518721+00:00 GitLab Importer Affected by VCID-6fnh-mjwd-9qee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2018-8029.yml 38.0.0
2026-04-01T13:10:37.150373+00:00 GithubOSV Importer Fixing VCID-ncuc-8grw-ubep https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h24p-qwf4-84q8/GHSA-h24p-qwf4-84q8.json 38.0.0