Vulnerabilities > Apache > Hadoop > 2.3.0

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor / CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2022-08-04 | CVE-2022-25168 | OS Command Injection vulnerability in Apache Hadoop | Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. | network | low complexity | apache, CWE-78 | critical 9.8 |
| 2022-06-15 | CVE-2021-33036 | Path Traversal vulnerability in Apache Hadoop | In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | network | low complexity | apache, CWE-22 | 8.8 |
| 2022-04-07 | CVE-2022-26612 | Link Following vulnerability in Apache Hadoop | In Apache Hadoop, the unTar function uses the unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. | network | low complexity | apache, CWE-59 | critical 9.8 |
| 2021-01-26 | CVE-2020-9492 | Incorrect Authorization vulnerability in multiple products | In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. | network | low complexity | apache, oracle, CWE-863 | 8.8 |
| 2019-10-04 | CVE-2018-11768 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Hadoop | In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. | network | low complexity | apache, CWE-119 | 7.5 |
| 2019-05-30 | CVE-2018-8029 | Unspecified vulnerability in Apache Hadoop | In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | network | low complexity | apache | 8.8 |
| 2018-11-13 | CVE-2018-8009 | Path Traversal vulnerability in Apache Hadoop | Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. | network | low complexity | apache, CWE-22 | 8.8 |
| 2018-01-19 | CVE-2017-15713 | Information Exposure vulnerability in Apache Hadoop | Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. | network | low complexity | apache, CWE-200 | 6.5 |
| 2017-08-30 | CVE-2016-5001 | Information Exposure vulnerability in Apache Hadoop | This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. | local | low complexity | apache, CWE-200 | 5.5 |
| 2017-04-26 | CVE-2017-3162 | Improper Input Validation vulnerability in Apache Hadoop | HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. | network | low complexity | apache, CWE-20 | 7.3 |