Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.hadoop/hadoop-main@2.10.0
Typemaven
Namespaceorg.apache.hadoop
Namehadoop-main
Version2.10.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.10.2
Latest_non_vulnerable_version3.3.5
Affected_by_vulnerabilities
0
url VCID-1xbr-pekw-ukcn
vulnerability_id VCID-1xbr-pekw-ukcn
summary 
Incorrect Authorization
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9492.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9492.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9492
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.28801
published_at 2026-05-05T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.28948
published_at 2026-04-29T12:55:00Z
2
value 0.00143
scoring_system epss
scoring_elements 0.3451
published_at 2026-04-01T12:55:00Z
3
value 0.00143
scoring_system epss
scoring_elements 0.3437
published_at 2026-04-26T12:55:00Z
4
value 0.00143
scoring_system epss
scoring_elements 0.34389
published_at 2026-04-24T12:55:00Z
5
value 0.00143
scoring_system epss
scoring_elements 0.34631
published_at 2026-04-07T12:55:00Z
6
value 0.00143
scoring_system epss
scoring_elements 0.34754
published_at 2026-04-04T12:55:00Z
7
value 0.00143
scoring_system epss
scoring_elements 0.34728
published_at 2026-04-02T12:55:00Z
8
value 0.00143
scoring_system epss
scoring_elements 0.34626
published_at 2026-04-21T12:55:00Z
9
value 0.00143
scoring_system epss
scoring_elements 0.34666
published_at 2026-04-18T12:55:00Z
10
value 0.00143
scoring_system epss
scoring_elements 0.34681
published_at 2026-04-16T12:55:00Z
11
value 0.00143
scoring_system epss
scoring_elements 0.34644
published_at 2026-04-13T12:55:00Z
12
value 0.00143
scoring_system epss
scoring_elements 0.34668
published_at 2026-04-12T12:55:00Z
13
value 0.00143
scoring_system epss
scoring_elements 0.34707
published_at 2026-04-11T12:55:00Z
14
value 0.00143
scoring_system epss
scoring_elements 0.34703
published_at 2026-04-09T12:55:00Z
15
value 0.00143
scoring_system epss
scoring_elements 0.34675
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9492
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/hadoop
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/hadoop
4
reference_url https://github.com/apache/hadoop/commit/ca65409836d2949e9a9408d40bec0177b414cd5d
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/hadoop/commit/ca65409836d2949e9a9408d40bec0177b414cd5d
5
reference_url https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E
19
reference_url https://security.netapp.com/advisory/ntap-20210304-0001
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210304-0001
20
reference_url https://security.netapp.com/advisory/ntap-20210304-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210304-0001/
21
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1925237
reference_id 1925237
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1925237
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9492
reference_id CVE-2020-9492
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9492
24
reference_url https://github.com/advisories/GHSA-f8vc-wfc8-hxqh
reference_id GHSA-f8vc-wfc8-hxqh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f8vc-wfc8-hxqh
25
reference_url https://access.redhat.com/errata/RHSA-2022:5606
reference_id RHSA-2022:5606
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5606
26
reference_url https://access.redhat.com/errata/RHSA-2022:6407
reference_id RHSA-2022:6407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6407
fixed_packages
0
url pkg:maven/org.apache.hadoop/hadoop-main@2.10.1
purl pkg:maven/org.apache.hadoop/hadoop-main@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xd-ukj7-tqbk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.10.1
1
url pkg:maven/org.apache.hadoop/hadoop-main@3.1.4
purl pkg:maven/org.apache.hadoop/hadoop-main@3.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xd-ukj7-tqbk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.4
2
url pkg:maven/org.apache.hadoop/hadoop-main@3.2.2
purl pkg:maven/org.apache.hadoop/hadoop-main@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a8xd-ukj7-tqbk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.2.2
aliases CVE-2020-9492, GHSA-f8vc-wfc8-hxqh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xbr-pekw-ukcn
1
url VCID-a8xd-ukj7-tqbk
vulnerability_id VCID-a8xd-ukj7-tqbk
summary 
Apache Hadoop argument injection vulnerability
Apache Hadoop's `FileUtil.unTar(File, File)` API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25168.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25168.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25168
reference_id
reference_type
scores
0
value 0.03008
scoring_system epss
scoring_elements 0.86644
published_at 2026-05-05T12:55:00Z
1
value 0.03008
scoring_system epss
scoring_elements 0.86572
published_at 2026-04-08T12:55:00Z
2
value 0.03008
scoring_system epss
scoring_elements 0.86582
published_at 2026-04-09T12:55:00Z
3
value 0.03008
scoring_system epss
scoring_elements 0.86597
published_at 2026-04-11T12:55:00Z
4
value 0.03008
scoring_system epss
scoring_elements 0.86594
published_at 2026-04-12T12:55:00Z
5
value 0.03008
scoring_system epss
scoring_elements 0.86586
published_at 2026-04-13T12:55:00Z
6
value 0.03008
scoring_system epss
scoring_elements 0.86601
published_at 2026-04-16T12:55:00Z
7
value 0.03008
scoring_system epss
scoring_elements 0.86606
published_at 2026-04-18T12:55:00Z
8
value 0.03008
scoring_system epss
scoring_elements 0.86598
published_at 2026-04-21T12:55:00Z
9
value 0.03008
scoring_system epss
scoring_elements 0.86616
published_at 2026-04-24T12:55:00Z
10
value 0.03008
scoring_system epss
scoring_elements 0.86625
published_at 2026-04-26T12:55:00Z
11
value 0.03008
scoring_system epss
scoring_elements 0.86623
published_at 2026-04-29T12:55:00Z
12
value 0.03008
scoring_system epss
scoring_elements 0.86535
published_at 2026-04-02T12:55:00Z
13
value 0.03008
scoring_system epss
scoring_elements 0.86553
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25168
2
reference_url https://github.com/apache/hadoop
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/hadoop
3
reference_url https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746
4
reference_url https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25168
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25168
6
reference_url https://security.netapp.com/advisory/ntap-20220915-0007
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220915-0007
7
reference_url https://security.netapp.com/advisory/ntap-20220915-0007/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220915-0007/
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2119084
reference_id 2119084
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2119084
9
reference_url https://github.com/advisories/GHSA-8wm5-8h9c-47pc
reference_id GHSA-8wm5-8h9c-47pc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8wm5-8h9c-47pc
fixed_packages
0
url pkg:maven/org.apache.hadoop/hadoop-main@2.10.2
purl pkg:maven/org.apache.hadoop/hadoop-main@2.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.10.2
1
url pkg:maven/org.apache.hadoop/hadoop-main@3.2.4
purl pkg:maven/org.apache.hadoop/hadoop-main@3.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.2.4
2
url pkg:maven/org.apache.hadoop/hadoop-main@3.3.3
purl pkg:maven/org.apache.hadoop/hadoop-main@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-q8gj-qdrr-j7cb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.3.3
aliases CVE-2022-25168, GHSA-8wm5-8h9c-47pc
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8xd-ukj7-tqbk
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.10.0