4 matches found
CVE-2021-25642
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2,...
Apache Hadoop code issue vulnerability
Apache Hadoop is an open source distributed systems infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data, and is highly reliable, scalable, and fault-tolerant.Apache Hadoop YARN has a security vulnerability that stems from the option...
GHSA-RR2M-GFFV-MGRJ Deserialization of Untrusted Data in Apache Hadoop YARN
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2,...
Apache Hadoop 代码问题漏洞
Apache Hadoop is an open source distributed systems infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data, and is highly reliable, scalable, and fault-tolerant.Apache Hadoop YARN has a security vulnerability that stems from the option...