VulnerableCode Package Details - pkg:maven/org.apache.hadoop/hadoop-main@0.23.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.hadoop/hadoop-main@0.23.1

Essentials
History (19)

purl	pkg:maven/org.apache.hadoop/hadoop-main@0.23.1

Next non-vulnerable version	2.10.2
Latest non-vulnerable version	3.3.5
Risk	4.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-9wd5-xmya-xug6 Aliases: CVE-2017-3166 GHSA-99qr-9cc9-fv2x	Incorrect Permission Assignment for Critical Resource In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.	2.7.3 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-j858-d38m-vfhc Aliases: CVE-2018-1296 GHSA-v569-g72v-q434	Information Exposure In Apache Hadoop, HDFS exposes extended attribute key/value pairs during `listXAttrs`, verifying only path-level search access to the directory rather than path-level read permission to the referent.	2.7.6 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.8.4 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.9.1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.0.1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kt1w-97bw-r7bp Aliases: CVE-2017-15713 GHSA-3v44-382q-55f4	Information Exposure Vulnerability in Apache Hadoop allows a cluster user to expose private files owned by the user running the `MapReduce` job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the `MapReduce` job history server host.	2.7.5 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.8.3 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qwzh-r4an-rubv Aliases: CVE-2012-1574 GHSA-c6f9-4pmv-m7m6	Apache Hadoop allows impersonation of arbitrary cluster user accounts The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.	0.23.2 Affected by 0 other vulnerabilities. 0.23.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.0.2 Affected by 0 other vulnerabilities.
VCID-zjq7-gsc9-y7ep Aliases: CVE-2012-2945 GHSA-v5c9-98f7-2h54	Improper Link Resolution Before File Access ('Link Following') Hadoop 1.0.3 contains a symlink vulnerability.	1.0.4 Affected by 0 other vulnerabilities. 2.0.0-alpha Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:52:55.582502+00:00	GitLab Importer	Affected by	VCID-qwzh-r4an-rubv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2012-1574.yml	38.4.0
2026-04-16T21:45:29.846455+00:00	GitLab Importer	Affected by	VCID-zjq7-gsc9-y7ep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2012-2945.yml	38.4.0
2026-04-16T20:50:49.098718+00:00	GitLab Importer	Affected by	VCID-kt1w-97bw-r7bp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2017-15713.yml	38.4.0
2026-04-16T20:50:47.531259+00:00	GitLab Importer	Affected by	VCID-9wd5-xmya-xug6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2017-3166.yml	38.4.0
2026-04-16T01:26:54.833199+00:00	GHSA Importer	Affected by	VCID-j858-d38m-vfhc	https://github.com/advisories/GHSA-v569-g72v-q434	38.4.0
2026-04-11T23:08:31.515968+00:00	GitLab Importer	Affected by	VCID-qwzh-r4an-rubv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2012-1574.yml	38.3.0
2026-04-11T23:01:13.570101+00:00	GitLab Importer	Affected by	VCID-zjq7-gsc9-y7ep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2012-2945.yml	38.3.0
2026-04-11T22:01:30.608537+00:00	GitLab Importer	Affected by	VCID-kt1w-97bw-r7bp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2017-15713.yml	38.3.0
2026-04-11T22:01:28.762585+00:00	GitLab Importer	Affected by	VCID-9wd5-xmya-xug6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2017-3166.yml	38.3.0
2026-04-11T12:56:14.935513+00:00	GHSA Importer	Affected by	VCID-j858-d38m-vfhc	https://github.com/advisories/GHSA-v569-g72v-q434	38.3.0
2026-04-02T23:17:07.622498+00:00	GitLab Importer	Affected by	VCID-qwzh-r4an-rubv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2012-1574.yml	38.1.0
2026-04-02T23:09:45.486465+00:00	GitLab Importer	Affected by	VCID-zjq7-gsc9-y7ep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2012-2945.yml	38.1.0
2026-04-02T22:14:32.750436+00:00	GitLab Importer	Affected by	VCID-kt1w-97bw-r7bp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2017-15713.yml	38.1.0
2026-04-02T22:14:30.845716+00:00	GitLab Importer	Affected by	VCID-9wd5-xmya-xug6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2017-3166.yml	38.1.0
2026-04-02T13:48:40.991593+00:00	GHSA Importer	Affected by	VCID-j858-d38m-vfhc	https://github.com/advisories/GHSA-v569-g72v-q434	38.1.0
2026-04-01T17:37:16.121052+00:00	GitLab Importer	Affected by	VCID-qwzh-r4an-rubv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2012-1574.yml	38.0.0
2026-04-01T17:29:27.871997+00:00	GitLab Importer	Affected by	VCID-zjq7-gsc9-y7ep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2012-2945.yml	38.0.0
2026-04-01T16:32:02.509778+00:00	GitLab Importer	Affected by	VCID-kt1w-97bw-r7bp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2017-15713.yml	38.0.0
2026-04-01T16:32:00.630725+00:00	GitLab Importer	Affected by	VCID-9wd5-xmya-xug6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2017-3166.yml	38.0.0