Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

Type maven

Namespace org.apache.hadoop

Name hadoop-main

Version 3.0.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.2.4

Latest_non_vulnerable_version 3.3.5

Affected_by_vulnerabilities

url VCID-1xbr-pekw-ukcn

vulnerability_id VCID-1xbr-pekw-ukcn

summary

Incorrect Authorization
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9492.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9492.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9492

reference_id

reference_type

scores

value	0.0011
scoring_system	epss
scoring_elements	0.28863
published_at	2026-05-07T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.28801
published_at	2026-05-05T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.28948
published_at	2026-04-29T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.3451
published_at	2026-04-01T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.3437
published_at	2026-04-26T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34631
published_at	2026-04-07T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34754
published_at	2026-04-04T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34728
published_at	2026-04-02T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34389
published_at	2026-04-24T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34626
published_at	2026-04-21T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34666
published_at	2026-04-18T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34681
published_at	2026-04-16T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34644
published_at	2026-04-13T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34668
published_at	2026-04-12T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34707
published_at	2026-04-11T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34703
published_at	2026-04-09T12:55:00Z

value	0.00143
scoring_system	epss
scoring_elements	0.34675
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9492

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url

https://github.com/apache/hadoop/commit/ca65409836d2949e9a9408d40bec0177b414cd5d

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/ca65409836d2949e9a9408d40bec0177b414cd5d

reference_url

https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0a534f1cde7555f7208e9f9b791c1ab396d215eaaef283b3a9153429@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r49c9ab444ab1107c6a8be8a0d66602dec32a16d96c2631fec8d309fb@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4a57de5215494c35c8304cf114be75d42df7abc6c0c54bf163c3e370@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r513758942356ccd0d14538ba18a09903fc72716d74be1cb727ea91ff%40%3Cgeneral.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6341f2a468ced8872a71997aa1786ce036242413484f0fa68dc9ca02@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6c2fa7949738e9d39606f1d7cd890c93a2633e3357c9aeaf886ea9a6@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r79201a209df9a4e7f761e537434131b4e39eabec4369a7d668904df4@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r79323adac584edab99fd5e4b52a013844b784a5d4b600da0662b33d6@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9328eb49305e4cacc80e182bfd8a2efd8e640d940e24f5bfd7d5cb26@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r941e9be04efe0f455d20aeac88516c0848decd7e7b1d93d5687060f4@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb12afaa421d483863c4175e42e5dbd0673917a3cff73f3fca4f8275f@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc0057ebf32b646ab47f7f5744a8948332e015c39044cbb9d87ea76cd@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rca4516b00b55b347905df45e5d0432186248223f30497db87aba8710@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4129c6b9e0410848bbd3761187ce9c19bc1cd491037b253007df99e@%3Cissues.solr.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20210304-0001

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210304-0001

reference_url	https://security.netapp.com/advisory/ntap-20210304-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210304-0001/

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1925237
reference_id	1925237
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1925237

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-9492

reference_id

CVE-2020-9492

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-9492

reference_url

https://github.com/advisories/GHSA-f8vc-wfc8-hxqh

reference_id

GHSA-f8vc-wfc8-hxqh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f8vc-wfc8-hxqh

reference_url	https://access.redhat.com/errata/RHSA-2022:5606
reference_id	RHSA-2022:5606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5606

reference_url	https://access.redhat.com/errata/RHSA-2022:6407
reference_id	RHSA-2022:6407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6407

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-main@3.1.4

purl pkg:maven/org.apache.hadoop/hadoop-main@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8xd-ukj7-tqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.4

url pkg:maven/org.apache.hadoop/hadoop-main@3.2.2

purl pkg:maven/org.apache.hadoop/hadoop-main@3.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8xd-ukj7-tqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.2.2

aliases CVE-2020-9492, GHSA-f8vc-wfc8-hxqh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xbr-pekw-ukcn

url VCID-6fnh-mjwd-9qee

vulnerability_id VCID-6fnh-mjwd-9qee

summary

Privilege escalation
A user who can escalate to yarn user can possibly run arbitrary commands as root user.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8029.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8029.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8029

reference_id

reference_type

scores

value	0.02072
scoring_system	epss
scoring_elements	0.8406
published_at	2026-05-07T12:55:00Z

value	0.02072
scoring_system	epss
scoring_elements	0.84037
published_at	2026-05-05T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84262
published_at	2026-04-11T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84319
published_at	2026-04-29T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84314
published_at	2026-04-26T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84276
published_at	2026-04-16T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84254
published_at	2026-04-13T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84184
published_at	2026-04-01T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84197
published_at	2026-04-02T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84215
published_at	2026-04-04T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84216
published_at	2026-04-07T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84238
published_at	2026-04-08T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84244
published_at	2026-04-09T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84257
published_at	2026-04-12T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84305
published_at	2026-04-24T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84281
published_at	2026-04-21T12:55:00Z

value	0.02152
scoring_system	epss
scoring_elements	0.84277
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8029

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029

reference_url

https://lists.apache.org/thread.html/0b8d58e02dbd0fb8bf7320c514fe58da1d6728bdc150f1ba04e0d9fc@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/0b8d58e02dbd0fb8bf7320c514fe58da1d6728bdc150f1ba04e0d9fc@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/17084c09e6dedf60efe08028b429c92ffd28aacc28454e4fa924578a@%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/17084c09e6dedf60efe08028b429c92ffd28aacc28454e4fa924578a@%3Cgeneral.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a0164b87660223a2d491f83c88f905fe1a9fa8dc795148d9b0d968c8@%3Cdev.hbase.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a0164b87660223a2d491f83c88f905fe1a9fa8dc795148d9b0d968c8@%3Cdev.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a97c53a81e639ca2fc7b8f61a4fcd1842c2a78544041244a7c624727@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a97c53a81e639ca2fc7b8f61a4fcd1842c2a78544041244a7c624727@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20190617-0001

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190617-0001

reference_url	https://security.netapp.com/advisory/ntap-20190617-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190617-0001/

reference_url	https://www.openwall.com/lists/oss-security/2019/05/30/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2019/05/30/1

reference_url

http://www.securityfocus.com/bid/108518

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/108518

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1795321
reference_id	1795321
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1795321

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-8029

reference_id

CVE-2018-8029

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-8029

reference_url

https://github.com/advisories/GHSA-37pw-qw47-4jxm

reference_id

GHSA-37pw-qw47-4jxm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-37pw-qw47-4jxm

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-main@3.1.1

purl pkg:maven/org.apache.hadoop/hadoop-main@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.1

aliases CVE-2018-8029, GHSA-37pw-qw47-4jxm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fnh-mjwd-9qee

url VCID-a8xd-ukj7-tqbk

vulnerability_id VCID-a8xd-ukj7-tqbk

summary

Apache Hadoop argument injection vulnerability
Apache Hadoop's `FileUtil.unTar(File, File)` API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25168.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25168.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25168

reference_id

reference_type

scores

value	0.03008
scoring_system	epss
scoring_elements	0.86663
published_at	2026-05-07T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86582
published_at	2026-04-09T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86597
published_at	2026-04-11T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86594
published_at	2026-04-12T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86586
published_at	2026-04-13T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86601
published_at	2026-04-16T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86606
published_at	2026-04-18T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86598
published_at	2026-04-21T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86616
published_at	2026-04-24T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86625
published_at	2026-04-26T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86623
published_at	2026-04-29T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86644
published_at	2026-05-05T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86535
published_at	2026-04-02T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86553
published_at	2026-04-07T12:55:00Z

value	0.03008
scoring_system	epss
scoring_elements	0.86572
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25168

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url

https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746

reference_url

https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25168

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25168

reference_url

https://security.netapp.com/advisory/ntap-20220915-0007

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220915-0007

reference_url	https://security.netapp.com/advisory/ntap-20220915-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220915-0007/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2119084
reference_id	2119084
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2119084

reference_url

https://github.com/advisories/GHSA-8wm5-8h9c-47pc

reference_id

GHSA-8wm5-8h9c-47pc

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8wm5-8h9c-47pc

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-main@3.2.4
purl	pkg:maven/org.apache.hadoop/hadoop-main@3.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.2.4

url pkg:maven/org.apache.hadoop/hadoop-main@3.3.3

purl pkg:maven/org.apache.hadoop/hadoop-main@3.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q8gj-qdrr-j7cb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.3.3

aliases CVE-2022-25168, GHSA-8wm5-8h9c-47pc

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8xd-ukj7-tqbk

url VCID-jxf7-btpn-xyax

vulnerability_id VCID-jxf7-btpn-xyax

summary In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11768.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11768.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11768

reference_id

reference_type

scores

value	0.01294
scoring_system	epss
scoring_elements	0.79802
published_at	2026-05-07T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79778
published_at	2026-05-05T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79709
published_at	2026-04-18T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79646
published_at	2026-04-07T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.7966
published_at	2026-04-04T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79638
published_at	2026-04-02T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79631
published_at	2026-04-01T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79764
published_at	2026-04-29T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.7975
published_at	2026-04-26T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79743
published_at	2026-04-24T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79712
published_at	2026-04-21T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.7968
published_at	2026-04-13T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79687
published_at	2026-04-12T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79703
published_at	2026-04-11T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79682
published_at	2026-04-09T12:55:00Z

value	0.01294
scoring_system	epss
scoring_elements	0.79675
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11768

reference_url

https://hadoop.apache.org/cve_list.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hadoop.apache.org/cve_list.html

reference_url

https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf@%3Cgeneral.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/2067a797b330530a6932f4b08f703b3173253d0a2b7c8c524e54adaf%40%3Cgeneral.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a@%3Chdfs-dev.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/2c9cc65864be0058a5d5ed2025dfb9c700bf23d352b0c826c36ff96a%40%3Chdfs-dev.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/72ca514e01cd5f08151e74f9929799b4cbe1b6e9e6cd24faa72ffcc6%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/9b609d4392d886711e694cf40d86f770022baf42a1b1aa97e8244c87%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378@%3Cgeneral.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/caacbbba2dcc1105163f76f3dfee5fbd22e0417e0783212787086378%40%3Cgeneral.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda@%3Cdev.lucene.apache.org%3E

reference_url	https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/ceb16af9139ab0fea24aef935b6321581976887df7ad632e9a515dda%40%3Cdev.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600@%3Chdfs-dev.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/ea6d2dfbefab8ebe46be18b05136b83ae53b7866f1bc60c680a2b600%40%3Chdfs-dev.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4@%3Chdfs-dev.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/f20bb4e055d8394fc525cc7772fb84096f706389043e76220c8a29a4%40%3Chdfs-dev.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cdev.flink.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb%40%3Cuser.flink.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11768

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11768

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1764650
reference_id	1764650
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1764650

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop::::::::
reference_id	cpe:2.3:a:apache:hadoop::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.0:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.0:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.0:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.0:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.1:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.1:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.1:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.1:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.2:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.2:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.2:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.2:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.2:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.2:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.3:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.3:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.3:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.3:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.3:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.3:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.4:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.4:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.4:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.4:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.4:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.4:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.5:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.5:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.5:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.5:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.5:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.5:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.6:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.6:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.6:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.6:alpha::::::
reference_id	cpe:2.3:a:apache:hadoop:2.0.6:alpha::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.6:alpha::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.0:-::::::
reference_id	cpe:2.3:a:apache:hadoop:2.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.0:beta::::::
reference_id	cpe:2.3:a:apache:hadoop:2.1.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.1:beta::::::
reference_id	cpe:2.3:a:apache:hadoop:2.1.1:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.1.1:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:-::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::

reference_url

https://github.com/advisories/GHSA-hx83-rpqf-m267

reference_id

GHSA-hx83-rpqf-m267

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hx83-rpqf-m267

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-main@3.1.1

purl pkg:maven/org.apache.hadoop/hadoop-main@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.1

url pkg:maven/org.apache.hadoop/hadoop-main@3.1.2

purl pkg:maven/org.apache.hadoop/hadoop-main@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-a8xd-ukj7-tqbk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.1.2

aliases CVE-2018-11768, GHSA-hx83-rpqf-m267

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxf7-btpn-xyax

Fixing_vulnerabilities

url VCID-14hy-wmsv-fbeh

vulnerability_id VCID-14hy-wmsv-fbeh

summary

Improper Authentication in Apache Hadoop
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11765.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11765.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11765

reference_id

reference_type

scores

value	0.01147
scoring_system	epss
scoring_elements	0.78587
published_at	2026-05-07T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78526
published_at	2026-04-24T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78497
published_at	2026-04-16T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78468
published_at	2026-04-13T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78476
published_at	2026-04-12T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78494
published_at	2026-04-11T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78469
published_at	2026-04-09T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78464
published_at	2026-04-08T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78438
published_at	2026-04-07T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78454
published_at	2026-04-04T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78423
published_at	2026-04-02T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78563
published_at	2026-05-05T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78548
published_at	2026-04-29T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78533
published_at	2026-04-26T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78417
published_at	2026-04-01T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78492
published_at	2026-04-21T12:55:00Z

value	0.01147
scoring_system	epss
scoring_elements	0.78496
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11765

reference_url

https://lists.apache.org/thread.html/r17d94d132b207dad221595fd8b8b18628f5f5ec7e3f5be939ecd8928@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r17d94d132b207dad221595fd8b8b18628f5f5ec7e3f5be939ecd8928@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2c7f899911a04164ed1707083fcd4135f8427e04778c87d83509b0da%40%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2c7f899911a04164ed1707083fcd4135f8427e04778c87d83509b0da%40%3Cgeneral.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r46447f38ea8c89421614e9efd7de5e656186d35e10fc97cf88477a01@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r46447f38ea8c89421614e9efd7de5e656186d35e10fc97cf88477a01@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r74825601e93582167eb7cdc2f764c74c9c6d8006fa90018562fda60f@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r74825601e93582167eb7cdc2f764c74c9c6d8006fa90018562fda60f@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r79b15c5b66c6df175d01d7560adf0cd5c369129b9a161905e0339927@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r79b15c5b66c6df175d01d7560adf0cd5c369129b9a161905e0339927@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb241464d83baa3749b08cd3dabc8dba70a9a9027edcef3b5d4c24ef4@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb241464d83baa3749b08cd3dabc8dba70a9a9027edcef3b5d4c24ef4@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rbe25cac0f499374f8ae17a4a44a8404927b56de28d4c41940d82b7a4@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rbe25cac0f499374f8ae17a4a44a8404927b56de28d4c41940d82b7a4@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/reea5eb8622afbfbfca46bc758f79db83d90a3263a906c4d1acba4971@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/reea5eb8622afbfbfca46bc758f79db83d90a3263a906c4d1acba4971@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf9dfa8b77585c9227db9637552eebb2ab029255a0db4eb76c2b6c4cf@%3Cdev.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf9dfa8b77585c9227db9637552eebb2ab029255a0db4eb76c2b6c4cf@%3Cdev.druid.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11765

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11765

reference_url

https://security.netapp.com/advisory/ntap-20201016-0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20201016-0005

reference_url	https://security.netapp.com/advisory/ntap-20201016-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20201016-0005/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1883549
reference_id	1883549
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1883549

reference_url

https://github.com/advisories/GHSA-rhh9-cm65-3w54

reference_id

GHSA-rhh9-cm65-3w54

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rhh9-cm65-3w54

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-main@2.8.6
purl	pkg:maven/org.apache.hadoop/hadoop-main@2.8.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.6

url	pkg:maven/org.apache.hadoop/hadoop-main@2.9.3
purl	pkg:maven/org.apache.hadoop/hadoop-main@2.9.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.3

url pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

purl pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-6fnh-mjwd-9qee

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

aliases CVE-2018-11765, GHSA-rhh9-cm65-3w54

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-14hy-wmsv-fbeh

url VCID-j858-d38m-vfhc

vulnerability_id VCID-j858-d38m-vfhc

summary

Information Exposure
In Apache Hadoop, HDFS exposes extended attribute key/value pairs during `listXAttrs`, verifying only path-level search access to the directory rather than path-level read permission to the referent.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1296.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1296.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1296

reference_id

reference_type

scores

value	0.00574
scoring_system	epss
scoring_elements	0.68829
published_at	2026-05-07T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68736
published_at	2026-04-09T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68759
published_at	2026-04-11T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68745
published_at	2026-04-12T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68715
published_at	2026-04-13T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68758
published_at	2026-04-16T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68768
published_at	2026-04-18T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68747
published_at	2026-04-21T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68795
published_at	2026-04-24T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68801
published_at	2026-04-26T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68807
published_at	2026-04-29T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68787
published_at	2026-05-05T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68652
published_at	2026-04-01T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.6867
published_at	2026-04-02T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68689
published_at	2026-04-04T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68667
published_at	2026-04-07T12:55:00Z

value	0.00574
scoring_system	epss
scoring_elements	0.68718
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1296

reference_url

https://github.com/advisories/GHSA-v569-g72v-q434

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-v569-g72v-q434

reference_url

https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e@%3Cuser.hadoop.apache.org%3E

reference_url	https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e%40%3Cuser.hadoop.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/a5b15bc76fbdad2ee40761aacf954a13aeef67e305f86d483f267e8e%40%3Cuser.hadoop.apache.org%3E

reference_url

http://www.securityfocus.com/bid/106764

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106764

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1671291
reference_id	1671291
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1671291

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop::::::::
reference_id	cpe:2.3:a:apache:hadoop::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.0:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.1:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.2:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.3:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.8.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.8.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.9.0:::::::*
reference_id	cpe:2.3:a:apache:hadoop:2.9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:::::::*
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::
reference_id	cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1296

reference_id

CVE-2018-1296

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1296

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-main@2.7.6

purl pkg:maven/org.apache.hadoop/hadoop-main@2.7.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-6fnh-mjwd-9qee

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-ej9n-h4mm-gkg3

vulnerability	VCID-hbtn-6f44-4fa2

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.7.6

url pkg:maven/org.apache.hadoop/hadoop-main@2.8.4

purl pkg:maven/org.apache.hadoop/hadoop-main@2.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-hbtn-6f44-4fa2

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.8.4

url pkg:maven/org.apache.hadoop/hadoop-main@2.9.1

purl pkg:maven/org.apache.hadoop/hadoop-main@2.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-6fnh-mjwd-9qee

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-hbtn-6f44-4fa2

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@2.9.1

url pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

purl pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-6fnh-mjwd-9qee

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

aliases CVE-2018-1296, GHSA-v569-g72v-q434

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j858-d38m-vfhc

url VCID-r1cq-j3tq-p3cz

vulnerability_id VCID-r1cq-j3tq-p3cz

summary

Missing Authentication for Critical Function
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11764.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11764.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11764

reference_id

reference_type

scores

value	0.00185
scoring_system	epss
scoring_elements	0.39799
published_at	2026-05-07T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40191
published_at	2026-04-13T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40239
published_at	2026-04-16T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40132
published_at	2026-04-21T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.39958
published_at	2026-04-24T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.39943
published_at	2026-04-26T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.39864
published_at	2026-04-29T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.39734
published_at	2026-05-05T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40075
published_at	2026-04-01T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40224
published_at	2026-04-08T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40249
published_at	2026-04-04T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40172
published_at	2026-04-07T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40236
published_at	2026-04-09T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40248
published_at	2026-04-11T12:55:00Z

value	0.00185
scoring_system	epss
scoring_elements	0.40209
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11764

reference_url

https://lists.apache.org/thread.html/r790ad0a049cde713b93589ecfd4dd2766fda0fc6807eedb6cf69f5c1%40%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r790ad0a049cde713b93589ecfd4dd2766fda0fc6807eedb6cf69f5c1%40%3Cgeneral.hadoop.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20201103-0003

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20201103-0003

reference_url	https://security.netapp.com/advisory/ntap-20201103-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20201103-0003/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1890161
reference_id	1890161
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1890161

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11764

reference_id

CVE-2018-11764

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11764

reference_url

https://github.com/advisories/GHSA-4fh8-pm7g-pmxq

reference_id

GHSA-4fh8-pm7g-pmxq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4fh8-pm7g-pmxq

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

purl pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1xbr-pekw-ukcn

vulnerability	VCID-6fnh-mjwd-9qee

vulnerability	VCID-a8xd-ukj7-tqbk

vulnerability	VCID-jxf7-btpn-xyax

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

aliases CVE-2018-11764, GHSA-4fh8-pm7g-pmxq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1cq-j3tq-p3cz

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-main@3.0.1

Package Instance