12 matches found
Apache Hadoop security vulnerabilities
Apache Hadoop is an open-source distributed system framework developed by the Apache Foundation in the United States. This product enables distributed processing of large amounts of data, featuring high reliability, scalability, and fault tolerance. ClickHouse is an open-source implementation of...
SUSE CVE-2018-8009
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file...
SUSE CVE-2018-11767
In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS blocking users or granting access to users incorrectly, if the system uses non-default groups mapping mechanisms...
ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10) +647 more potentially affected by CVE-2022-25168 via org.apache.hadoop:hadoop-common (>=3.3.0 <=3.3.2)
org.apache.hadoop:hadoop-common MAVEN version =3.3.0, =1.0.6, =1.0.6, =1.1, =1.1.1, =0.13.0, =0.2.7, =0.2.7, =0.6.1.2, =1.0.0, =1.0.0, =0.2.2, =1.0.0, =1.0.0, =0.2.2, =0.4.1 and more Source cves: CVE-2022-25168 Source advisory: OSV:GHSA-8WM5-8H9C-47PC...
GHSA-8WM5-8H9C-47PC Apache Hadoop argument injection vulnerability
Apache Hadoop's FileUtil.unTarFile, File API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...
ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10) +590 more potentially affected by CVE-2021-37404 via org.apache.hadoop:hadoop-common (>=3.3.0 <=3.3.1)
org.apache.hadoop:hadoop-common MAVEN version =3.3.0, =1.0.6, =1.0.6, =0.13.0, =0.2.7, =0.2.7, =0.6.1.2, =1.0.0, =1.0.0, =0.2.2, =1.0.0, =1.0.0, =0.2.2, =0.8.0, =0.8.0, =0.8.5 and more Source cves: CVE-2021-37404 Source advisory: OSV:GHSA-RMPJ-7C96-MRG8...
co.cask.tephra:tephra-examples (>=0.6.2 <=0.7.1), co.cask.tephra:tephra-hbase-compat-1.0-cdh (>=0.6.0 <=0.7.1) +356 more potentially affected by CVE-2016-5393 via org.apache.hadoop:hadoop-common (>=2.6.0 <=2.6.4)
org.apache.hadoop:hadoop-common MAVEN version =2.6.0, =0.6.2, =0.6.0, =1.7.0, =1.1.0, =1.1.0, =7.2.1, =3.0.0, =3.0.0, =7.2.1, =3.0.0, =3.0.0, =3.0.0, =3.6.7 and more Source cves: CVE-2016-5393 Source advisory: OSV:GHSA-7Q56-MP4C-GGGG...
GHSA-Q46V-CJ5V-HVG6 Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack...
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +2821 more potentially affected by CVE-2017-3162 via org.apache.hadoop:hadoop-client (>=0.23.10 <=2.6.5)
org.apache.hadoop:hadoop-client MAVEN version =0.23.10, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.0.25, =0.0.25, =0.0.25, =0.0.1, =0.0.1, =0.42.1, =0.2.0, =1.6.13 and more Source cves: CVE-2017-3162 Source advisory: OSV:GHSA-PR9X-QMP5-J3RR...
ai.onehouse:lakeview-sync-tool (>=0.18.5 <=0.30.0), com.alibaba.hbase:alihbase-connector (>=2.0.29.2 <=2.1.2.2) +208 more potentially affected by CVE-2020-9492 via org.apache.hadoop:hadoop-common (>=2.0.4-alpha <=2.10.0)
org.apache.hadoop:hadoop-common MAVEN version =2.0.4-alpha, =0.18.5, =2.0.29.2, =0.3.0, =0.3.0, =2.10.6.9, =3.0.0, =3.0.0, =0.24.0, =0.24.0, =0.24.0, =0.24.0, =0.19.3, =0.19.3, =0.24.0, =0.24.0, =0.25.0 and more Source cves: CVE-2020-9492 Source advisory: OSV:GHSA-F8VC-WFC8-HXQH...
Apache Hadoop elevation of privilege vulnerability (CNVD-2018-24261)
Apache Hadoop is the U.S. Apache Apache Software Foundation's set of open source distributed systems infrastructure, it can be distributed processing of large amounts of data, and has high reliability, high scalability, high fault tolerance and other characteristics. A security vulnerability exis...
Apache Hadoop Information Disclosure Vulnerability (CNVD-2017-36014)
Apache Hadoop is the U.S. Apache Apache Software Foundation's set of open source distributed systems infrastructure, it can be distributed processing of large amounts of data, and has high reliability, high scalability, high fault tolerance and other characteristics. A security vulnerability exis...