hadoop-common-yarn is vulnerable to file permission manipulation. Using a symlink attack in a public tar archive, attackers can change the permissions on files to be world-readable.
CPE | Name | Operator | Version |
---|---|---|---|
apache hadoop yarn common | le | 0.23.11 | |
apache hadoop yarn common | le | 2.5.1 | |
apache hadoop yarn nodemanager | le | 2.5.1 |