Search for packages
| purl | pkg:maven/org.apache.hadoop/hadoop-hdfs-native-client@3.3.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1h2m-ywk8-b7dm
Aliases: CVE-2021-37404 GHSA-rmpj-7c96-mrg8 |
Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2 There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. |
Affected by 2 other vulnerabilities. |
|
VCID-a7g7-weay-bqa1
Aliases: CVE-2025-27821 GHSA-92cc-952p-v8rh |
Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-d4z5-7jk1-j3b7
Aliases: CVE-2021-33036 GHSA-58jx-f5rf-qgqf |
User account escalation in Apache Hadoop In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||