3 matches found
org.apache.hadoop:hadoop-client (=0.23.10), org.apache.hama:hama-yarn (>=0.5.0 <=0.6.2) +6 more potentially affected by CVE-2014-0229 via org.apache.hadoop:hadoop-common (>=0.23.1 <=0.23.10)
org.apache.hadoop:hadoop-common MAVEN version =0.23.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.6.0, =0.5.0, =0.5.0, =0.8.1 Source cves: CVE-2014-0229 Source advisory: OSV:GHSA-9R7G-325H-MXRM...
CVE-2014-0229
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the 1 refreshNamenodes, 2 deleteBlockPool, and 3 shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service DataNode...
CVE-2014-0229
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1 (and Cloudera CDH 5.0.x before 5.0.2) fail to check authorization for HDFS admin commands refreshNamenodes, deleteBlockPool, and shutdownDatanode. This allows remote authenticated users to cause DataNodes to shut down or perform unnecessary...