Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main

2018-12-21T17:50:03
ID GHSA-99QR-9CC9-FV2X
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:05

Description

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.