VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-27uy-abem-aaaq

Essentials
Severities (108)
References (40)
Severity details (35)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-27uy-abem-aaaq
Aliases	CVE-2018-8009 GHSA-6x48-j4x4-cqw3
Summary	Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-20	Improper Input Validation

System	Score	Found at
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2019:3892
rhas	Important	https://access.redhat.com/errata/RHSA-2019:3892
ssvc	Track	https://access.redhat.com/errata/RHSA-2019:3892
cvssv3	6.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8009.json
epss	0.01135	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01135	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01135	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01135	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01684	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01684	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01684	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01684	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01684	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01684	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01684	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01684	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01684	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01684	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01684	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.01684	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.12985	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.12985	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.12985	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.12985	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.12985	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.12985	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.12985	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.12985	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.12985	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.12985	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.12985	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.13152	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
epss	0.27645	https://api.first.org/data/v1/epss?cve=CVE-2018-8009
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=1593018
cvssv3	6.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-6x48-j4x4-cqw3
cvssv3.1	3.3	https://github.com/apache/hadoop
generic_textual	LOW	https://github.com/apache/hadoop
cvssv3.1	8.8	https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432
generic_textual	HIGH	https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432
cvssv3.1	8.8	https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f
generic_textual	HIGH	https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f
cvssv3.1	8.8	https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9
generic_textual	HIGH	https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9
cvssv3.1	8.8	https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde
generic_textual	HIGH	https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde
cvssv3.1	8.8	https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9
generic_textual	HIGH	https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9
cvssv3.1	8.8	https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop
generic_textual	HIGH	https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop
cvssv3.1	7.5	https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
generic_textual	HIGH	https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
cvssv3.1	7.5	https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
generic_textual	HIGH	https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
cvssv3.1	8.8	https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E
generic_textual	HIGH	https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E
cvssv3.1	8.8	https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E
generic_textual	HIGH	https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E
cvssv3.1	8.8	https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E
generic_textual	HIGH	https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E
cvssv2	6.5	https://nvd.nist.gov/vuln/detail/CVE-2018-8009
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2018-8009
cvssv3.1	7.3	https://snyk.io/research/zip-slip-vulnerability
generic_textual	HIGH	https://snyk.io/research/zip-slip-vulnerability
cvssv3.1	8.8	http://www.securityfocus.com/bid/105927
generic_textual	HIGH	http://www.securityfocus.com/bid/105927

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8009.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-8009
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/apache/hadoop
		https://github.com/apache/hadoop/commit/11a425d11a329010d0ff8255ecbcd1eb51b642e
		https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432
		https://github.com/apache/hadoop/commit/1373e3d8ad60e4da721a292912cb69243bfdf47
		https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f
		https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9
		https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde
		https://github.com/apache/hadoop/commit/6d7d192e4799b51931e55217e02baec14d49607
		https://github.com/apache/hadoop/commit/745f203e577bacb35b042206db94615141fa5e6
		https://github.com/apache/hadoop/commit/bd98d4e77cf9f7b2f4b1afb4d5e5bad0f6b2fde
		https://github.com/apache/hadoop/commit/cedc28d4ab2a27ba47e15ab2711218d96ec88d2
		https://github.com/apache/hadoop/commit/e3236a9680709de7a95ffbc11b20e1bdc95a860
		https://github.com/apache/hadoop/commit/eaa2b8035b584dfcf7c79a33484eb2dffd3fdb1
		https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9
		https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop
		https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
		https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
		https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E
		https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d%40%3Cuser.hadoop.apache.org%3E
		https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E
		https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510%40%3Ccommits.druid.apache.org%3E
		https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E
		https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a%40%3Ccommits.druid.apache.org%3E
		https://snyk.io/research/zip-slip-vulnerability
		http://www.securityfocus.com/bid/105927
1593018		https://bugzilla.redhat.com/show_bug.cgi?id=1593018
cpe:2.3:a:apache:hadoop::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop::::::::
cpe:2.3:a:apache:hadoop:2.0.0:alpha::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:2.0.0:alpha::::::
cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha1::::::
cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha2::::::
cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha3::::::
cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:alpha4::::::
cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.0.0:beta1::::::
cpe:2.3:a:apache:hadoop:3.1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.1.0:::::::*
CVE-2018-8009		https://nvd.nist.gov/vuln/detail/CVE-2018-8009
GHSA-6x48-j4x4-cqw3		https://github.com/advisories/GHSA-6x48-j4x4-cqw3
RHSA-2019:3892		https://access.redhat.com/errata/RHSA-2019:3892

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2019:3892

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:30:15Z/ Found at https://access.redhat.com/errata/RHSA-2019:3892

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8009.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/apache/hadoop

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/hadoop/commit/12258c7cff8d32710fbd8b9088a930e3ce27432

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/hadoop/commit/45a1c680c276c4501402f7bc4cebcf85a6fbc7f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/hadoop/commit/65e55097da2bb3f2fbdf9ba1946da25fe58bec9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/hadoop/commit/6a4ae6f6eeed1392a4828a5721fa1499f65bdde

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apache/hadoop/commit/fc4c20fc3469674cb584a4fb98bac7e3c2277c9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-8009

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-8009

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Found at https://snyk.io/research/zip-slip-vulnerability

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/105927

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.84468
EPSS Score	0.01135
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.