{"url":"http://public2.vulnerablecode.io/api/packages/54924?format=json","purl":"pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.3","type":"maven","namespace":"org.apache.hadoop","name":"hadoop-yarn-server-nodemanager","version":"2.7.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.7.5","latest_non_vulnerable_version":"3.3.5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39339?format=json","vulnerability_id":"VCID-db4t-grfx-eqc6","summary":"Information Exposure\nThe YARN NodeManager in Apache Hadoop can leak the password for credential store provider used by the NodeManager to YARN Applications.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15718","reference_id":"CVE-2017-15718","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15718"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54926?format=json","purl":"pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.5"}],"aliases":["CVE-2017-15718"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-db4t-grfx-eqc6"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44143?format=json","vulnerability_id":"VCID-d6w1-2fxm-vqgf","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nThe YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.","references":[{"reference_url":"http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E"},{"reference_url":"http://www.securityfocus.com/bid/95335","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95335"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3086","reference_id":"CVE-2016-3086","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3086"},{"reference_url":"https://github.com/advisories/GHSA-895m-ww55-59vw","reference_id":"GHSA-895m-ww55-59vw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-895m-ww55-59vw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63494?format=json","purl":"pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.6.5"},{"url":"http://public2.vulnerablecode.io/api/packages/54924?format=json","purl":"pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-db4t-grfx-eqc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.3"}],"aliases":["CVE-2016-3086","GHSA-895m-ww55-59vw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6w1-2fxm-vqgf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hadoop/hadoop-yarn-server-nodemanager@2.7.3"}