Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.hadoop/hadoop-common@2.8.3

Type maven

Namespace org.apache.hadoop

Name hadoop-common

Version 2.8.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.10.2

Latest_non_vulnerable_version 3.4.0

Affected_by_vulnerabilities

url VCID-hzne-ppwz-6qeh

vulnerability_id VCID-hzne-ppwz-6qeh

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-37404

reference_id

reference_type

scores

value	0.01257
scoring_system	epss
scoring_elements	0.79699
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-37404

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url

https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/2h56ztcj3ojc66qzf1nno88vjw9vd4wo

reference_url

https://security.netapp.com/advisory/ntap-20220715-0007

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220715-0007

reference_url	https://security.netapp.com/advisory/ntap-20220715-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220715-0007/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-37404

reference_id

CVE-2021-37404

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-37404

reference_url

https://github.com/advisories/GHSA-rmpj-7c96-mrg8

reference_id

GHSA-rmpj-7c96-mrg8

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rmpj-7c96-mrg8

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-common@2.10.2
purl	pkg:maven/org.apache.hadoop/hadoop-common@2.10.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.10.2

url pkg:maven/org.apache.hadoop/hadoop-common@3.2.3

purl pkg:maven/org.apache.hadoop/hadoop-common@3.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n2yn-xfvx-g7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.3

url pkg:maven/org.apache.hadoop/hadoop-common@3.3.2

purl pkg:maven/org.apache.hadoop/hadoop-common@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n2yn-xfvx-g7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.3.2

aliases CVE-2021-37404, GHSA-rmpj-7c96-mrg8

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hzne-ppwz-6qeh

url VCID-jd2z-gp4k-97dq

vulnerability_id VCID-jd2z-gp4k-97dq

summary

references

reference_url

https://access.redhat.com/errata/RHSA-2019:3892

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3892

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8009

reference_id

reference_type

scores

value	0.04616
scoring_system	epss
scoring_elements	0.89433
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8009

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url	https://github.com/apache/hadoop/commit/11a425d11a329010d0ff8255ecbcd1eb51b642e
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/11a425d11a329010d0ff8255ecbcd1eb51b642e

reference_url

https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432

reference_url	https://github.com/apache/hadoop/commit/1373e3d8ad60e4da721a292912cb69243bfdf47
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/1373e3d8ad60e4da721a292912cb69243bfdf47

reference_url

https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f

reference_url

https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9

reference_url

https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde

reference_url	https://github.com/apache/hadoop/commit/6d7d192e4799b51931e55217e02baec14d49607
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/6d7d192e4799b51931e55217e02baec14d49607

reference_url	https://github.com/apache/hadoop/commit/745f203e577bacb35b042206db94615141fa5e6
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/745f203e577bacb35b042206db94615141fa5e6

reference_url	https://github.com/apache/hadoop/commit/bd98d4e77cf9f7b2f4b1afb4d5e5bad0f6b2fde
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/bd98d4e77cf9f7b2f4b1afb4d5e5bad0f6b2fde

reference_url	https://github.com/apache/hadoop/commit/cedc28d4ab2a27ba47e15ab2711218d96ec88d2
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/cedc28d4ab2a27ba47e15ab2711218d96ec88d2

reference_url	https://github.com/apache/hadoop/commit/e3236a9680709de7a95ffbc11b20e1bdc95a860
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/e3236a9680709de7a95ffbc11b20e1bdc95a860

reference_url	https://github.com/apache/hadoop/commit/eaa2b8035b584dfcf7c79a33484eb2dffd3fdb1
reference_id
reference_type
scores
url	https://github.com/apache/hadoop/commit/eaa2b8035b584dfcf7c79a33484eb2dffd3fdb1

reference_url

https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9

reference_url

https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop

reference_url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_url

https://snyk.io/research/zip-slip-vulnerability

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/research/zip-slip-vulnerability

reference_url

http://www.securityfocus.com/bid/105927

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105927

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-8009

reference_id

CVE-2018-8009

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-8009

reference_url

https://github.com/advisories/GHSA-6x48-j4x4-cqw3

reference_id

GHSA-6x48-j4x4-cqw3

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6x48-j4x4-cqw3

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-common@2.8.5

purl pkg:maven/org.apache.hadoop/hadoop-common@2.8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-n2yn-xfvx-g7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.5

url pkg:maven/org.apache.hadoop/hadoop-common@2.9.2

purl pkg:maven/org.apache.hadoop/hadoop-common@2.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-n2yn-xfvx-g7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.9.2

url pkg:maven/org.apache.hadoop/hadoop-common@3.1.1

purl pkg:maven/org.apache.hadoop/hadoop-common@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-n2yn-xfvx-g7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.1.1

aliases CVE-2018-8009, GHSA-6x48-j4x4-cqw3

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jd2z-gp4k-97dq

url VCID-n2yn-xfvx-g7a2

vulnerability_id VCID-n2yn-xfvx-g7a2

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25168

reference_id

reference_type

scores

value	0.03008
scoring_system	epss
scoring_elements	0.86821
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25168

reference_url

https://github.com/apache/hadoop

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop

reference_url

https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/hadoop/commit/cae749b076f35f0be13a926ee8cfbb7ce4402746

reference_url

https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/mxqnb39jfrwgs3j6phwvlrfq4mlox130

reference_url

https://security.netapp.com/advisory/ntap-20220915-0007

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220915-0007

reference_url	https://security.netapp.com/advisory/ntap-20220915-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20220915-0007/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25168

reference_id

CVE-2022-25168

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25168

reference_url

https://github.com/advisories/GHSA-8wm5-8h9c-47pc

reference_id

GHSA-8wm5-8h9c-47pc

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8wm5-8h9c-47pc

fixed_packages

url	pkg:maven/org.apache.hadoop/hadoop-common@2.10.2
purl	pkg:maven/org.apache.hadoop/hadoop-common@2.10.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.10.2

url	pkg:maven/org.apache.hadoop/hadoop-common@3.2.4
purl	pkg:maven/org.apache.hadoop/hadoop-common@3.2.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.2.4

url	pkg:maven/org.apache.hadoop/hadoop-common@3.3.3
purl	pkg:maven/org.apache.hadoop/hadoop-common@3.3.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.3.3

aliases CVE-2022-25168, GHSA-8wm5-8h9c-47pc

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2yn-xfvx-g7a2

url VCID-nr94-ag1e-83ad

vulnerability_id VCID-nr94-ag1e-83ad

summary

Privilege escalation
A user who can escalate to yarn user can possibly run arbitrary commands as root user.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8029

reference_id

reference_type

scores

value	0.01381
scoring_system	epss
scoring_elements	0.80595
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8029

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029

reference_url

https://lists.apache.org/thread.html/0b8d58e02dbd0fb8bf7320c514fe58da1d6728bdc150f1ba04e0d9fc@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/0b8d58e02dbd0fb8bf7320c514fe58da1d6728bdc150f1ba04e0d9fc@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/17084c09e6dedf60efe08028b429c92ffd28aacc28454e4fa924578a@%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/17084c09e6dedf60efe08028b429c92ffd28aacc28454e4fa924578a@%3Cgeneral.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a0164b87660223a2d491f83c88f905fe1a9fa8dc795148d9b0d968c8@%3Cdev.hbase.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a0164b87660223a2d491f83c88f905fe1a9fa8dc795148d9b0d968c8@%3Cdev.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a97c53a81e639ca2fc7b8f61a4fcd1842c2a78544041244a7c624727@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a97c53a81e639ca2fc7b8f61a4fcd1842c2a78544041244a7c624727@%3Cissues.hbase.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20190617-0001

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190617-0001

reference_url	https://security.netapp.com/advisory/ntap-20190617-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190617-0001/

reference_url	https://www.openwall.com/lists/oss-security/2019/05/30/1
reference_id
reference_type
scores
url	https://www.openwall.com/lists/oss-security/2019/05/30/1

reference_url

http://www.securityfocus.com/bid/108518

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/108518

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-8029

reference_id

CVE-2018-8029

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-8029

reference_url

https://github.com/advisories/GHSA-37pw-qw47-4jxm

reference_id

GHSA-37pw-qw47-4jxm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-37pw-qw47-4jxm

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-common@2.8.5

purl pkg:maven/org.apache.hadoop/hadoop-common@2.8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-n2yn-xfvx-g7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.5

url pkg:maven/org.apache.hadoop/hadoop-common@2.9.2

purl pkg:maven/org.apache.hadoop/hadoop-common@2.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-n2yn-xfvx-g7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.9.2

url pkg:maven/org.apache.hadoop/hadoop-common@3.1.1

purl pkg:maven/org.apache.hadoop/hadoop-common@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-n2yn-xfvx-g7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.1.1

aliases CVE-2018-8029, GHSA-37pw-qw47-4jxm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nr94-ag1e-83ad

Fixing_vulnerabilities

url VCID-ax8z-33ed-g3gb

vulnerability_id VCID-ax8z-33ed-g3gb

summary

Information Exposure
Vulnerability in Apache Hadoop allows a cluster user to expose private files owned by the user running the `MapReduce` job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the `MapReduce` job history server host.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15713

reference_id

reference_type

scores

value	0.00191
scoring_system	epss
scoring_elements	0.40896
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15713

reference_url

https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a790a251ace7213bde9f69777dedb453b1a01a6d18289c14a61d4f91@%3Cgeneral.hadoop.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15713

reference_id

CVE-2017-15713

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15713

reference_url

https://github.com/advisories/GHSA-3v44-382q-55f4

reference_id

GHSA-3v44-382q-55f4

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-3v44-382q-55f4

fixed_packages

url pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha

purl pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ggak-tqmx-vuay

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-uzvk-u8b3-nuf1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.0.0-alpha

url pkg:maven/org.apache.hadoop/hadoop-common@2.1.0-beta

purl pkg:maven/org.apache.hadoop/hadoop-common@2.1.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ggak-tqmx-vuay

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-jabk-tfv9-gfhx

vulnerability	VCID-jd2z-gp4k-97dq

vulnerability	VCID-n2yn-xfvx-g7a2

vulnerability	VCID-uzvk-u8b3-nuf1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.1.0-beta

url pkg:maven/org.apache.hadoop/hadoop-common@2.8.3

purl pkg:maven/org.apache.hadoop/hadoop-common@2.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-jd2z-gp4k-97dq

vulnerability	VCID-n2yn-xfvx-g7a2

vulnerability	VCID-nr94-ag1e-83ad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.3

url pkg:maven/org.apache.hadoop/hadoop-common@3.0.1

purl pkg:maven/org.apache.hadoop/hadoop-common@3.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hzne-ppwz-6qeh

vulnerability	VCID-jd2z-gp4k-97dq

vulnerability	VCID-n2yn-xfvx-g7a2

vulnerability	VCID-nr94-ag1e-83ad

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@3.0.1

aliases CVE-2017-15713, GHSA-3v44-382q-55f4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ax8z-33ed-g3gb

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-common@2.8.3

Package Instance