Vulnerabilities > Apache > Hadoop > 3.2.3

DATE CVE VULNERABILITY TITLE RISK
2022-08-25 CVE-2021-25642 Deserialization of Untrusted Data vulnerability in Apache Hadoop
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation.
network
low complexity
apache CWE-502
8.8
8.8
2022-08-04 CVE-2022-25168 OS Command Injection vulnerability in Apache Hadoop
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell.
network
low complexity
apache CWE-78
critical
 9.8
9.8