Package details: pkg:maven/org.apache.hadoop/hadoop-common@2.0.0
purl pkg:maven/org.apache.hadoop/hadoop-common@2.0.0
Tags Ghost
Next non-vulnerable version 3.4.0
Latest non-vulnerable version 3.4.0
Risk 4.5
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-27uy-abem-aaaq
Aliases:
CVE-2018-8009
GHSA-6x48-j4x4-cqw3
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
2.7.7
Affected by 8 other vulnerabilities.
2.8.5
Affected by 5 other vulnerabilities.
2.9.2
Affected by 5 other vulnerabilities.
3.1.1
Affected by 5 other vulnerabilities.
VCID-5eqj-bmxq-aaaj
Aliases:
CVE-2013-2192
GHSA-pxv5-5vmp-3jj4
CVE-2013-2192 hadoop: man-in-the-middle vulnerability
2.0.6-alpha
Affected by 11 other vulnerabilities.
VCID-dcdx-yb8v-aaah
Aliases:
CVE-2022-25168
GHSA-8wm5-8h9c-47pc
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before it is passed to the shell, so an attacker can inject arbitrary commands. In Hadoop 3.3 this is only used in InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is also used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305, "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands from being executed, regardless of which version of the Hadoop libraries is in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or later (including HADOOP-18136).
2.10.2
Affected by 2 other vulnerabilities.
3.2.4
Affected by 1 other vulnerability.
3.3.3
Affected by 1 other vulnerability.
VCID-nw1a-xk1d-aaaj
Aliases:
CVE-2014-0229
GHSA-9r7g-325h-mxrm
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.
2.4.1
Affected by 11 other vulnerabilities.
VCID-ysum-kcf5-aaah
Aliases:
CVE-2020-9492
GHSA-f8vc-wfc8-hxqh
Improper Privilege Management in Apache Hadoop
2.10.1
Affected by 4 other vulnerabilities.
3.1.4
Affected by 4 other vulnerabilities.
3.2.2
Affected by 4 other vulnerabilities.
VCID-zkxb-94xn-aaaa
Aliases:
CVE-2017-15713
GHSA-3v44-382q-55f4
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
2.1.0-beta
Affected by 10 other vulnerabilities.
2.8.3
Affected by 7 other vulnerabilities.
3.0.1
Affected by 7 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-29T10:47:12.618477+00:00 GHSA Importer Affected by VCID-dcdx-yb8v-aaah None 36.0.0
2025-03-28T20:05:43.788220+00:00 GHSA Importer Affected by VCID-ysum-kcf5-aaah None 36.0.0
2025-01-17T02:29:25.540660+00:00 GHSA Importer Affected by VCID-nw1a-xk1d-aaaj None 35.1.0
2025-01-17T02:29:11.163543+00:00 GHSA Importer Affected by VCID-5eqj-bmxq-aaaj None 35.1.0
2025-01-16T23:28:27.460908+00:00 GitLab Importer Affected by VCID-dcdx-yb8v-aaah None 35.1.0
2024-09-17T22:41:09.479102+00:00 GitLab Importer Affected by VCID-nw1a-xk1d-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2014-0229.yml 34.0.1
2024-09-17T22:41:09.209946+00:00 GitLab Importer Affected by VCID-dcdx-yb8v-aaah https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2022-25168.yml 34.0.1
2024-09-17T22:41:08.997928+00:00 GitLab Importer Affected by VCID-5eqj-bmxq-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2013-2192.yml 34.0.1
2024-09-17T22:41:08.643314+00:00 GitLab Importer Affected by VCID-zkxb-94xn-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2017-15713.yml 34.0.1
2024-09-17T22:41:08.170074+00:00 GitLab Importer Affected by VCID-27uy-abem-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2018-8009.yml 34.0.1
2024-09-17T22:05:13.159914+00:00 GHSA Importer Affected by VCID-ysum-kcf5-aaah https://github.com/advisories/GHSA-f8vc-wfc8-hxqh 34.0.1
2024-09-17T22:04:24.789375+00:00 GHSA Importer Affected by VCID-nw1a-xk1d-aaaj https://github.com/advisories/GHSA-9r7g-325h-mxrm 34.0.1
2024-09-17T22:04:23.398169+00:00 GHSA Importer Affected by VCID-5eqj-bmxq-aaaj https://github.com/advisories/GHSA-pxv5-5vmp-3jj4 34.0.1
2024-09-17T22:04:17.781988+00:00 GHSA Importer Affected by VCID-dcdx-yb8v-aaah https://github.com/advisories/GHSA-8wm5-8h9c-47pc 34.0.1
2024-01-03T18:03:30.565348+00:00 GitLab Importer Affected by VCID-nw1a-xk1d-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2014-0229.yml 34.0.0rc1
2024-01-03T18:03:30.291934+00:00 GitLab Importer Affected by VCID-dcdx-yb8v-aaah https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2022-25168.yml 34.0.0rc1
2024-01-03T18:03:30.064788+00:00 GitLab Importer Affected by VCID-5eqj-bmxq-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2013-2192.yml 34.0.0rc1
2024-01-03T18:03:29.662782+00:00 GitLab Importer Affected by VCID-zkxb-94xn-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2017-15713.yml 34.0.0rc1
2024-01-03T18:03:29.213925+00:00 GitLab Importer Affected by VCID-27uy-abem-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.hadoop/hadoop-common/CVE-2018-8009.yml 34.0.0rc1
2024-01-03T17:40:05.576852+00:00 GHSA Importer Affected by VCID-ysum-kcf5-aaah https://github.com/advisories/GHSA-f8vc-wfc8-hxqh 34.0.0rc1
2024-01-03T17:39:12.169368+00:00 GHSA Importer Affected by VCID-nw1a-xk1d-aaaj https://github.com/advisories/GHSA-9r7g-325h-mxrm 34.0.0rc1
2024-01-03T17:39:09.002203+00:00 GHSA Importer Affected by VCID-5eqj-bmxq-aaaj https://github.com/advisories/GHSA-pxv5-5vmp-3jj4 34.0.0rc1
2024-01-03T17:39:01.350816+00:00 GHSA Importer Affected by VCID-dcdx-yb8v-aaah https://github.com/advisories/GHSA-8wm5-8h9c-47pc 34.0.0rc1