Vulnerabilities > Apache > Hadoop > 3.3.2

DATE CVE VULNERABILITY TITLE RISK
2023-11-16 CVE-2023-26031 Untrusted Search Path vulnerability in Apache Hadoop 3.3.1/3.3.2/3.3.4
Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges.
network
high complexity
apache CWE-426
7.5
7.5
2022-08-25 CVE-2021-25642 Unspecified vulnerability in Apache Hadoop
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation.
network
low complexity
apache
8.8
8.8
2022-08-04 CVE-2022-25168 Unspecified vulnerability in Apache Hadoop
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell.
network
low complexity
apache
critical
 9.8
9.8
2022-06-15 CVE-2021-33036 Path Traversal vulnerability in Apache Hadoop
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
network
low complexity
apache CWE-22
8.8
8.8
2022-06-13 CVE-2021-37404 Unspecified vulnerability in Apache Hadoop
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code.
network
low complexity
apache
critical
 9.8
9.8
2022-04-07 CVE-2022-26612 Link Following vulnerability in Apache Hadoop
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes.
network
low complexity
apache CWE-59
critical
 9.8
9.8