The vulnerability of the API FileUtil.unTar(file, file) implementation in the Apache Hadoop distributed development and execution platform allows a attacker to execute arbitrary commands.

The vulnerability of the API FileUtil.unTarfile, file implementation in the Apache Hadoop distributed development and execution platform is related to the introduction or modification of arguments. Exploiting this vulnerability may allow a malicious actor to execute arbitrary commands remotely...

GHSA-8WM5-8H9C-47PC Apache Hadoop argument injection vulnerability

Apache Hadoop's FileUtil.unTarFile, File API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...

Apache Hadoop argument injection vulnerability

Apache Hadoop's FileUtil.unTarFile, File API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...