Vulnerabilities > Apache > Hadoop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-16 | CVE-2023-26031 | Untrusted Search Path vulnerability in Apache Hadoop 3.3.1/3.3.2/3.3.4 Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. | 7.5 |
| 2022-08-25 | CVE-2021-25642 | Unspecified vulnerability in Apache Hadoop ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. | 8.8 |
| 2022-08-04 | CVE-2022-25168 | Unspecified vulnerability in Apache Hadoop Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. | 9.8 |
| 2022-06-15 | CVE-2021-33036 | Path Traversal vulnerability in Apache Hadoop In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 8.8 |
| 2022-06-13 | CVE-2021-37404 | Unspecified vulnerability in Apache Hadoop There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. | 9.8 |
| 2022-04-07 | CVE-2022-26612 | Link Following vulnerability in Apache Hadoop In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. | 9.8 |
| 2021-01-26 | CVE-2020-9492 | Incorrect Authorization vulnerability in multiple products In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. | 8.8 |
| 2020-10-21 | CVE-2018-11764 | Missing Authentication for Critical Function vulnerability in Apache Hadoop 3.0.0 Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. | 8.8 |
| 2020-09-30 | CVE-2018-11765 | Improper Authentication vulnerability in Apache Hadoop In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled. | 7.5 |
| 2019-10-29 | CVE-2012-2945 | Link Following vulnerability in Apache Hadoop 1.0.3 Hadoop 1.0.3 contains a symlink vulnerability. | 7.5 |