9 matches found
Deserialization Of Untrusted Data
Apache Hadoop YARN Server is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists in the deserializeObject function in ZKConfigurationStore.java due to unsafe deserialization of data in ZooKeeper that is not validated, which allows an attacker to run arbitrary commands as YA...
Apache Hadoop code issue vulnerability
Apache Hadoop is an open source distributed systems infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data, and is highly reliable, scalable, and fault-tolerant. Apache Hadoop YARN has a security vulnerability that stems from the option...
GHSA-RR2M-GFFV-MGRJ Deserialization of Untrusted Data in Apache Hadoop YARN
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2,...
Deserialization of Untrusted Data in Apache Hadoop YARN
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2,...
CVE-2021-25642
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2,...
Input validation
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2,...
Apache Hadoop code issue vulnerability
Apache Hadoop is an open source distributed systems infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data, and is highly reliable, scalable, and fault-tolerant. Apache Hadoop YARN has a security vulnerability that stems from the option...
CVE-2021-25642
CVE-2021-25642: Hadoop YARN’s CapacityScheduler can be exploited via ZKConfigurationStore, which deserializes data from ZooKeeper without validation. An attacker with ZooKeeper access can execute arbitrary commands as the YARN user. Affected Hadoop versions require upgrading to 2.10.2, 3.2.4, or...
CVE-2021-25642 Apache Hadoop YARN remote code execution in ZKConfigurationStore of capacity scheduler
ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2,...