Search for packages
Package details: pkg:maven/org.apache.hadoop/hadoop-main@2.0.0-alpha
purl pkg:maven/org.apache.hadoop/hadoop-main@2.0.0-alpha
Next non-vulnerable version 2.8.6
Latest non-vulnerable version 3.3.5
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-48d9-7sfj-zfh3
Aliases:
CVE-2018-1296
GHSA-v569-g72v-q434
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.
2.7.6
Affected by 7 other vulnerabilities.
2.8.4
Affected by 5 other vulnerabilities.
2.9.1
Affected by 6 other vulnerabilities.
3.0.1
Affected by 5 other vulnerabilities.
VCID-bvc6-q3ey-p7ed
Aliases:
CVE-2017-3166
GHSA-99qr-9cc9-fv2x
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.
2.7.3
Affected by 8 other vulnerabilities.
VCID-fhzp-w161-nua6
Aliases:
CVE-2018-8009
GHSA-6x48-j4x4-cqw3
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
2.7.7
Affected by 4 other vulnerabilities.
2.8.5
Affected by 3 other vulnerabilities.
2.9.2
Affected by 3 other vulnerabilities.
3.0.3
Affected by 4 other vulnerabilities.
3.1.1
Affected by 3 other vulnerabilities.
VCID-x1em-rq9s-s7ae
Aliases:
CVE-2017-15713
GHSA-3v44-382q-55f4
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.
2.7.5
Affected by 8 other vulnerabilities.
2.8.3
Affected by 7 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-awsq-a54z-a7am Hadoop symlink vulnerability Hadoop 1.0.3 contains a symlink vulnerability as a result of storing pid files in the shared `/tmp` directory by default. CVE-2012-2945
GHSA-v5c9-98f7-2h54

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T18:14:33.416856+00:00 GitLab Importer Fixing VCID-awsq-a54z-a7am https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2012-2945.yml 37.0.0
2025-07-03T17:30:57.275194+00:00 GitLab Importer Affected by VCID-x1em-rq9s-s7ae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2017-15713.yml 37.0.0
2025-07-03T17:30:56.555904+00:00 GitLab Importer Affected by VCID-bvc6-q3ey-p7ed https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-main/CVE-2017-3166.yml 37.0.0
2025-07-03T16:43:55.740803+00:00 GHSA Importer Affected by VCID-48d9-7sfj-zfh3 https://github.com/advisories/GHSA-v569-g72v-q434 37.0.0
2025-07-03T16:43:28.551080+00:00 GHSA Importer Affected by VCID-fhzp-w161-nua6 https://github.com/advisories/GHSA-6x48-j4x4-cqw3 37.0.0
2025-07-03T16:43:28.217566+00:00 GHSA Importer Affected by VCID-x1em-rq9s-s7ae https://github.com/advisories/GHSA-3v44-382q-55f4 37.0.0
2025-07-03T16:43:28.114285+00:00 GHSA Importer Affected by VCID-bvc6-q3ey-p7ed https://github.com/advisories/GHSA-99qr-9cc9-fv2x 37.0.0