8 matches found
Security Bulletin: IBM Spectrum Scale (GPFS) Hadoop connector is affected by a security vulnerability (CVE-2022-25168)
Summary A security vulnerability has been identified in the IBM Spectrum Scale GPFS Hadoop connector which could allow a local authenticated attacker to execute arbitrary commands on the system. Fix for this vulnerability is available. Vulnerability Details CVEID:CVE-2022-25168 DESCRIPTION: Apach...
Security Bulletin: Vulnerabilities in Apache Hadoop affect IBM Operations Analytics - Log Analysis (CVE-2022-26612, CVE-2022-25168)
Summary Multiple vulnerabilities in Apache Hadoop affect IBM Operations Analytics - Log Analysis. This has been fixed. The vulnerabilities are in Vulnerability Details section. Vulnerability Details CVEID:CVE-2022-26612 DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypas...
CVE-2022-25168
A flaw was found in the hadoop-common package. This flaw allows an attacker to benefit from command injection using the org.apache.hadoop.fs.FileUtil.unTarUsingTar function...
ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10) +647 more potentially affected by CVE-2022-25168 via org.apache.hadoop:hadoop-common (>=3.3.0 <=3.3.2)
org.apache.hadoop:hadoop-common MAVEN version =3.3.0, =1.0.6, =1.0.6, =1.1, =1.1.1, =0.13.0, =0.2.7, =0.2.7, =0.6.1.2, =1.0.0, =1.0.0, =0.2.2, =1.0.0, =1.0.0, =0.2.2, =0.4.1 and more Source cves: CVE-2022-25168 Source advisory: OSV:GHSA-8WM5-8H9C-47PC...
ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8), ai.chronon:aggregator_2.12 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +1329 more potentially affected by CVE-2022-25168 via org.apache.hadoop:hadoop-common (>=3.0.0-alpha1 <=3.2.3)
org.apache.hadoop:hadoop-common MAVEN version =3.0.0-alpha1, =1.0.1, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =thread-pool-0.0.24-dev, =0.0.6, =0.0.2, =0.1.7, =3.34.0.3-1-3.1, =0.0.3, =1.0.0, =1.8.0 and more Source cves: CVE-2022-25168 Source advisory: OSV:GHSA-8WM5-8H9C-47PC...
CVE-2022-25168
creationtimestamp| type| source
---|---|---
2022-08-04 18:19:39+00:00| seen| https://t.me/cibsecurity/47559
2024-01-27 23:54:45+00:00| seen| https://t.me/arpsyndicate/3121...
CVE-2022-25168
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...
CVE-2022-25168
CVE-2022-25168 affects Apache Hadoop's FileUtil.unTar(File, File) API, which does not escape the input file name before passing it to the shell. This enables command injection. In Hadoop, this vulnerability has been identified in the InMemoryAliasMap.bootstrap transfer path (local user context), ...