Hadoop Security Vulnerabilities and Issues — Hadoop CVE List

Lucene search

ApacheHadoop

3 matches found

CVE•added 2017/04/26 8:59 p.m.•92 views

CVE-2017-3162

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.

7.5CVSS7AI score0.00875EPSS

CVE•added 2017/04/11 2:59 p.m.•90 views

CVE-2016-6811

In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.

9CVSS8.7AI score0.00538EPSS

CVE•added 2017/04/26 8:59 p.m.•75 views

CVE-2017-3161

The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.

6.1CVSS5.9AI score0.02473EPSS