Vulnerabilities > Apache > Hadoop > 2.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-04 | CVE-2022-25168 | Unspecified vulnerability in Apache Hadoop Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. | 9.8 |
| 2022-06-15 | CVE-2021-33036 | Path Traversal vulnerability in Apache Hadoop In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 8.8 |
| 2022-04-07 | CVE-2022-26612 | Link Following vulnerability in Apache Hadoop In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. | 9.8 |
| 2021-01-26 | CVE-2020-9492 | Incorrect Authorization vulnerability in multiple products In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. | 8.8 |
| 2019-10-04 | CVE-2018-11768 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Hadoop In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. | 7.5 |
| 2019-05-30 | CVE-2018-8029 | Unspecified vulnerability in Apache Hadoop In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 8.8 |
| 2018-11-13 | CVE-2018-8009 | Path Traversal vulnerability in Apache Hadoop Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. | 8.8 |
| 2018-01-19 | CVE-2017-15713 | Information Exposure vulnerability in Apache Hadoop Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. | 6.5 |
| 2017-08-30 | CVE-2016-5001 | Information Exposure vulnerability in Apache Hadoop This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. | 5.5 |
| 2017-04-26 | CVE-2017-3162 | Improper Input Validation vulnerability in Apache Hadoop HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. | 7.3 |