9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Apache Hadoop is an open source distributed system infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. Apache Hadoop has a security vulnerability that stems from its FileUtil.unTar(File, File) API that does not escape the name of the file submitted by the user to the shell causing an attacker to inject arbitrary commands. No details of the vulnerability are currently available.
CPE | Name | Operator | Version |
---|---|---|---|
Apache Apache Hadoop >=2.0.0, | le | 2.10.1 | |
Apache Apache Hadoop >=3.3.0, | le | 3.3.2 | |
Apache Apache Hadoop >=3.0.0, | le | 3.2.3 |