Search for packages
| purl | pkg:maven/org.apache.hadoop/hadoop-main@2.0.0-alpha |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9wd5-xmya-xug6
Aliases: CVE-2017-3166 GHSA-99qr-9cc9-fv2x |
Incorrect Permission Assignment for Critical Resource In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file. |
Affected by 7 other vulnerabilities. |
|
VCID-j858-d38m-vfhc
Aliases: CVE-2018-1296 GHSA-v569-g72v-q434 |
Information Exposure In Apache Hadoop, HDFS exposes extended attribute key/value pairs during `listXAttrs`, verifying only path-level search access to the directory rather than path-level read permission to the referent. |
Affected by 6 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-kt1w-97bw-r7bp
Aliases: CVE-2017-15713 GHSA-3v44-382q-55f4 |
Information Exposure Vulnerability in Apache Hadoop allows a cluster user to expose private files owned by the user running the `MapReduce` job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the `MapReduce` job history server host. |
Affected by 7 other vulnerabilities. Affected by 6 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-zjq7-gsc9-y7ep | Improper Link Resolution Before File Access ('Link Following') Hadoop 1.0.3 contains a symlink vulnerability. |
CVE-2012-2945
GHSA-v5c9-98f7-2h54 |