pkg:maven/org.apache.hadoop/hadoop-main
Type
maven
Namespace
org.apache.hadoop
Name
hadoop-main
Known advisories, vulnerabilities and fixes for org.apache.hadoop/hadoop-main package.
Critical
1
High
9
Moderate
3
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 3.0.0, < 3.1.1 >= 2.9.0, < 2.9.2 >= 2.2.0, < 2.8.4 |
CVE-2018-8029
|
MAVEN:GHSA-37PW-QW47-4JXM | Privilege escalation vulnerability in Apache Hadoop | high |
2019-05-31T16:09:15
(5 years ago) |
|
Fixed | = 3.1.1 = 2.9.2 = 2.8.4 |
CVE-2018-8029
|
MAVEN:GHSA-37PW-QW47-4JXM | Privilege escalation vulnerability in Apache Hadoop | high |
2019-05-31T16:09:15
(5 years ago) |
|
Affected | >= 2.8.0, < 2.8.3 < 2.7.5 |
CVE-2017-15713
|
MAVEN:GHSA-3V44-382Q-55F4 | Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main | moderate |
2018-12-21T17:50:13
(5 years ago) |
|
Fixed | = 2.8.3 = 2.7.5 |
CVE-2017-15713
|
MAVEN:GHSA-3V44-382Q-55F4 | Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main | moderate |
2018-12-21T17:50:13
(5 years ago) |
|
Affected | = 3.0.0 = 3.0.0-beta1 = 3.0.0-alpha4 |
CVE-2018-11764
|
MAVEN:GHSA-4FH8-PM7G-PMXQ | Authentication bypass in Apache Hadoop | high |
2022-02-10T20:28:06
(2 years ago) |
|
Fixed | = 3.0.1 |
CVE-2018-11764
|
MAVEN:GHSA-4FH8-PM7G-PMXQ | Authentication bypass in Apache Hadoop | high |
2022-02-10T20:28:06
(2 years ago) |
|
Affected | >= 2.9.0, < 2.9.2 >= 2.8.3, < 2.8.5 >= 2.7.5, < 2.7.7 |
CVE-2018-11767
|
MAVEN:GHSA-5CF4-JQWP-584G | Improper Privilege Management in org.apache.hadoop:hadoop-main | high |
2019-03-25T16:17:32
(5 years ago) |
|
Fixed | = 2.9.2 = 2.8.5 = 2.7.7 |
CVE-2018-11767
|
MAVEN:GHSA-5CF4-JQWP-584G | Improper Privilege Management in org.apache.hadoop:hadoop-main | high |
2019-03-25T16:17:32
(5 years ago) |
|
Affected | < 2.7.7 >= 2.8.0, < 2.8.5 >= 2.9.0, < 2.9.2 >= 3.0.0, < 3.0.3 = 3.1.0 |
CVE-2018-8009
|
MAVEN:GHSA-6X48-J4X4-CQW3 | Path Traversal in Hadoop | high |
2018-12-21T17:50:29
(5 years ago) |
|
Fixed | = 2.7.7 = 2.8.5 = 2.9.2 = 3.0.3 = 3.1.1 |
CVE-2018-8009
|
MAVEN:GHSA-6X48-J4X4-CQW3 | Path Traversal in Hadoop | high |
2018-12-21T17:50:29
(5 years ago) |
|
Affected | < 2.7.3 |
CVE-2017-3166
|
MAVEN:GHSA-99QR-9CC9-FV2X | Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main | moderate |
2018-12-21T17:50:03
(5 years ago) |
|
Fixed | = 2.7.3 |
CVE-2017-3166
|
MAVEN:GHSA-99QR-9CC9-FV2X | Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main | moderate |
2018-12-21T17:50:03
(5 years ago) |
|
Affected | >= 1.0, < 1.0.2 >= 0.23, < 0.23.2 |
CVE-2012-1574
|
MAVEN:GHSA-C6F9-4PMV-M7M6 | Apache Hadoop allows impersonation of arbitrary cluster user accounts | moderate |
2022-05-17T02:54:07
(2 years ago) |
|
Fixed | = 1.0.2 = 0.23.2 |
CVE-2012-1574
|
MAVEN:GHSA-C6F9-4PMV-M7M6 | Apache Hadoop allows impersonation of arbitrary cluster user accounts | moderate |
2022-05-17T02:54:07
(2 years ago) |
|
Affected | >= 3.0.0, < 3.1.1 >= 2.9.0, < 2.9.2 >= 2.2.0, < 2.8.5 |
CVE-2018-11768
|
MAVEN:GHSA-HX83-RPQF-M267 | user/group information can be corrupted across storing in fsimage and reading back from fsimage | high |
2019-11-20T01:38:00
(4 years ago) |
|
Fixed | = 3.1.1 = 2.9.2 = 2.8.5 |
CVE-2018-11768
|
MAVEN:GHSA-HX83-RPQF-M267 | user/group information can be corrupted across storing in fsimage and reading back from fsimage | high |
2019-11-20T01:38:00
(4 years ago) |
|
Affected | >= 2.7.3, <= 2.7.4 |
CVE-2017-15718
|
MAVEN:GHSA-MQ8P-H798-XCRP | Exposure of Sensitive Information in Hadoop | critical |
2018-12-21T17:50:20
(5 years ago) |
|
Fixed | = 2.7.5 |
CVE-2017-15718
|
MAVEN:GHSA-MQ8P-H798-XCRP | Exposure of Sensitive Information in Hadoop | critical |
2018-12-21T17:50:20
(5 years ago) |
|
Affected | >= 2.8.0, <= 2.8.5 >= 2.9.0, <= 2.9.2 >= 3.0.0-alpha2, <= 3.0.0 |
CVE-2018-11765
|
MAVEN:GHSA-RHH9-CM65-3W54 | Improper Authentication in Apache Hadoop | high |
2021-04-30T17:29:30
(3 years ago) |
|
Fixed | = 2.8.6 = 2.9.3 = 3.0.1 |
CVE-2018-11765
|
MAVEN:GHSA-RHH9-CM65-3W54 | Improper Authentication in Apache Hadoop | high |
2021-04-30T17:29:30
(3 years ago) |
|
Affected | >= 2.7.4, <= 2.7.6 |
CVE-2018-11766
|
MAVEN:GHSA-RQJ9-CQ6J-958R | Arbitrary Command Execution in Hadoop | high |
2018-12-21T17:50:26
(5 years ago) |
|
Fixed | = 2.7.7 |
CVE-2018-11766
|
MAVEN:GHSA-RQJ9-CQ6J-958R | Arbitrary Command Execution in Hadoop | high |
2018-12-21T17:50:26
(5 years ago) |
|
Affected | = 2.9.0 >= 2.8.0, < 2.8.4 < 2.7.6 |
CVE-2018-1296
|
MAVEN:GHSA-V569-G72V-Q434 | Exposure of Sensitive Information to an Unauthorized Actor in Hadoop | high |
2019-02-12T17:26:12
(5 years ago) |
|
Fixed | = 2.9.1 = 2.8.4 = 2.7.6 |
CVE-2018-1296
|
MAVEN:GHSA-V569-G72V-Q434 | Exposure of Sensitive Information to an Unauthorized Actor in Hadoop | high |
2019-02-12T17:26:12
(5 years ago) |
|
Affected | <= 1.0.3 |
CVE-2012-2945
|
MAVEN:GHSA-V5C9-98F7-2H54 | Hadoop symlink vulnerability | high |
2022-04-23T00:40:07
(2 years ago) |
|
Fixed | = 1.0.4 |
CVE-2012-2945
|
MAVEN:GHSA-V5C9-98F7-2H54 | Hadoop symlink vulnerability | high |
2022-04-23T00:40:07
(2 years ago) |