EUVD-2018-0678

Malware in sbrugna...

GHSA-R86J-2GC6-2CQ9 Race condition in org.apache.hbase:hbase-thrift

An issue in Apache HBase affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be...

org.apache.hbase:hbase-assembly (=2.0.0), org.apache.hbase:hbase-examples (=2.0.0) potentially affected by CVE-2018-8025 via org.apache.hbase:hbase-thrift (=2.0.0)

org.apache.hbase:hbase-thrift MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hbase:hbase-thrift and may be impacted: - org.apache.hbase:hbase-assembly =2.0.0 - org.apache.hbase:hbase-examples =2.0.0 Source cves:...

com.github.CCweixiao:hbase-sdk-thrift-core_1.x (>=2.0.7 <=2.0.8), org.apache.hbase:hbase-assembly (>=1.4.0 <=1.4.13) +1 more potentially affected by CVE-2018-8025 via org.apache.hbase:hbase-thrift (>=1.4.0 <=1.4.4)

org.apache.hbase:hbase-thrift MAVEN version =1.4.0, =2.0.7, =1.4.0, =1.4.0, =1.4.13 Source cves: CVE-2018-8025 Source advisory: OSV:GHSA-R86J-2GC6-2CQ9...

Authorization Bypass

hbase-thrift is vulnerable to authorization bypasses. The library contains a race-condition where authenticated sessions could get mixed up and cause users to be authenticated as another user. This only affects the optional Thrift 1 API server...