pkg:maven/org.apache.hadoop/hadoop-common

Type maven

Namespace org.apache.hadoop

Name hadoop-common

Known advisories, vulnerabilities and fixes for org.apache.hadoop/hadoop-common package.

Repository: https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-common

Critical 3

High 4

Moderate 3

Low 1

Type	Version	# CVEs	# Advisory ID	Title	Severity	Published
Affected	>= 2.7.0, <= 2.7.2 >= 2.6.0, <= 2.6.4	CVE-2016-5393	MAVEN:GHSA-7Q56-MP4C-GGGG	Improper Access Control in Apache Hadoop	high	2022-05-17T03:35:31 (2 years ago)
Fixed	= 2.7.3 = 2.6.5	CVE-2016-5393	MAVEN:GHSA-7Q56-MP4C-GGGG	Improper Access Control in Apache Hadoop	high	2022-05-17T03:35:31 (2 years ago)
Affected	>= 2.7.0, <= 2.7.1 <= 2.6.3	CVE-2016-5001	MAVEN:GHSA-8R28-R8CP-G6CP	Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop	moderate	2022-05-13T01:08:56 (2 years ago)
Fixed	= 2.7.2 = 2.6.4	CVE-2016-5001	MAVEN:GHSA-8R28-R8CP-G6CP	Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop	moderate	2022-05-13T01:08:56 (2 years ago)
Affected	>= 3.3.0, < 3.3.3 >= 3.0.0-alpha, < 3.2.4 >= 2.0.0, < 2.10.2	CVE-2022-25168	MAVEN:GHSA-8WM5-8H9C-47PC	Apache Hadoop argument injection vulnerability	critical	2022-08-05T00:00:24 (2 years ago)
Fixed	= 3.3.3 = 3.2.4 = 2.10.2	CVE-2022-25168	MAVEN:GHSA-8WM5-8H9C-47PC	Apache Hadoop argument injection vulnerability	critical	2022-08-05T00:00:24 (2 years ago)
Affected	>= 2.0.0, < 2.4.1 >= 0.23.0, < 0.23.11	CVE-2014-0229	MAVEN:GHSA-9R7G-325H-MXRM	Improper Authentication in Apache Hadoop	moderate	2022-05-17T02:53:20 (2 years ago)
Fixed	= 2.4.1 = 0.23.11	CVE-2014-0229	MAVEN:GHSA-9R7G-325H-MXRM	Improper Authentication in Apache Hadoop	moderate	2022-05-17T02:53:20 (2 years ago)
Affected	>= 3.0.0, < 3.1.4 >= 3.2.0, < 3.2.2 >= 2.0.0, < 2.10.1	CVE-2020-9492	MAVEN:GHSA-F8VC-WFC8-HXQH	Improper Privilege Management in Apache Hadoop	high	2022-02-09T22:17:38 (2 years ago)
Fixed	= 3.1.4 = 3.2.2 = 2.10.1	CVE-2020-9492	MAVEN:GHSA-F8VC-WFC8-HXQH	Improper Privilege Management in Apache Hadoop	high	2022-02-09T22:17:38 (2 years ago)
Affected	>= 2.6.0, <= 2.6.4	CVE-2015-1776	MAVEN:GHSA-G48F-FF5H-5F64	Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop	moderate	2022-05-17T03:44:57 (2 years ago)
Fixed	= 2.6.5	CVE-2015-1776	MAVEN:GHSA-G48F-FF5H-5F64	Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop	moderate	2022-05-17T03:44:57 (2 years ago)
Affected	< 3.2.3	CVE-2022-26612	MAVEN:GHSA-GX2C-FVHC-PH4J	Path traversal in Hadoop	critical	2022-04-08T00:00:21 (2 years ago)
Fixed	= 3.2.3	CVE-2022-26612	MAVEN:GHSA-GX2C-FVHC-PH4J	Path traversal in Hadoop	critical	2022-04-08T00:00:21 (2 years ago)
Affected	>= 3.0.0-alpha1, < 3.0.0-alpha3 < 2.8.1	CVE-2017-7669	MAVEN:GHSA-H24P-QWF4-84Q8	Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation	high	2022-05-17T02:41:57 (2 years ago)
Fixed	= 3.0.0-alpha3 = 2.8.1	CVE-2017-7669	MAVEN:GHSA-H24P-QWF4-84Q8	Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation	high	2022-05-17T02:41:57 (2 years ago)
Affected	>= 2.0.0-alpha, <= 2.7.3	CVE-2016-6811	MAVEN:GHSA-MF7C-35MQ-75PJ	Insecure Inherited Permissions in Apache Hadoop	high	2022-05-14T03:24:59 (2 years ago)
Fixed	= 2.7.4	CVE-2016-6811	MAVEN:GHSA-MF7C-35MQ-75PJ	Insecure Inherited Permissions in Apache Hadoop	high	2022-05-14T03:24:59 (2 years ago)
Affected	>= 0.23.0, < 0.23.9 >= 2.0.0, <= 2.0.5-alpha	CVE-2013-2192	MAVEN:GHSA-PXV5-5VMP-3JJ4	Improper Authentication in Apache Hadoop	low	2022-05-17T02:54:07 (2 years ago)
Fixed	= 0.23.9 = 2.0.6-alpha	CVE-2013-2192	MAVEN:GHSA-PXV5-5VMP-3JJ4	Improper Authentication in Apache Hadoop	low	2022-05-17T02:54:07 (2 years ago)
Affected	< 2.10.2 >= 3.0.0, < 3.2.3 >= 3.3.0, < 3.3.2	CVE-2021-37404	MAVEN:GHSA-RMPJ-7C96-MRG8	Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2	critical	2022-06-14T00:00:37 (2 years ago)
Fixed	= 2.10.2 = 3.2.3 = 3.3.2	CVE-2021-37404	MAVEN:GHSA-RMPJ-7C96-MRG8	Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2	critical	2022-06-14T00:00:37 (2 years ago)