3 matches found
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...
com.github.sakserv:hadoop-mini-clusters (=0.0.14), de.m3y.oozie.prometheus:oozie-prometheus-job-event-listener (>=1.0 <=1.2) +10 more potentially affected by CVE-2017-15712 via org.apache.oozie:oozie-core (>=4.1.0 <=4.2.0)
org.apache.oozie:oozie-core MAVEN version =4.1.0, =1.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =4.1.0, =4.2.0 - org.kitesdk:kite-data-oozie =1.1.0 Source cves: CVE-2017-15712 Source advisory: OSV:GHSA-2FX6-R6QX-3C7H...
CVE-2017-15712
CVE-2017-15712 affects Apache Oozie before fixes: vulnerable versions include 3.1.3-incubating up to 4.3.0 and 5.0.0-beta1. The issue allows a remote attacker to obtain private files on the Oozie server by crafting a workflow XML that references sensitive files via XML directives/configuration. T...