Lucene search

China National Vulnerability DatabaseCNVD-2022-62073

HistoryAug 05, 2022 - 12:00 a.m.

Apache Hadoop Parameter Injection Vulnerability

2022-08-0500:00:00

China National Vulnerability Database

www.cnvd.org.cn

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JSON

Apache Hadoop is an open source distributed system infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. Apache Hadoop has a security vulnerability that stems from its FileUtil.unTar(File, File) API that does not escape the name of the file submitted by the user to the shell causing an attacker to inject arbitrary commands. No details of the vulnerability are currently available.

CPENameOperatorVersion
Apache Apache Hadoop >=2.0.0，le2.10.1
Apache Apache Hadoop >=3.3.0，le3.3.2
Apache Apache Hadoop >=3.0.0，le3.2.3

Name	Operator	Version
Apache Apache Hadoop >=2.0.0，	le	2.10.1
Apache Apache Hadoop >=3.3.0，	le	3.3.2
Apache Apache Hadoop >=3.0.0，	le	3.2.3

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JSON

Related for CNVD-2022-62073