org.apache.hadoop:hadoop-client
Maven5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.hadoop:hadoop-clientpage 1 of 1
- CVE-2012-3376NONECVSS 0.0EG 0.0✓ Fixed in 2.0.1-alpha2012-07-12
vulnerable: 2.0.0-alpha
DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks,…
- CVE-2012-4449CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.0.22017-10-30
vulnerable: 2.0.1-alpha, 2.0.2-alpha
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via …
- CVE-2014-3627NONECVSS 0.0EG 0.0✓ Fixed in 2.5.22014-12-05
vulnerable: 2.0.1-alpha ... 2.5.1 (14 versions)
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in …
- CVE-2017-3161MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.7.02017-04-26
vulnerable: 0.23.1 ... 2.6.5 (41 versions)
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
- CVE-2017-3162HIGHCVSS 7.3EG 7.3✓ Fixed in 2.7.02017-04-26
vulnerable: 0.23.1 ... 2.6.5 (41 versions)
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.
Check whether org.apache.hadoop:hadoop-client is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.hadoop:hadoop-client CVEs against the assets you own.
Start Free Scan →