2018-11-13 22:29:00 2019-01-09 21:00:16

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
Apache Software Foundation Hadoop 0.23.0 Apache Software Foundation Hadoop 0.23.1 Apache Software Foundation Hadoop 0.23.3 Apache Software Foundation Hadoop 0.23.4 Apache Software Foundation Hadoop 0.23.5 Apache Software Foundation Hadoop 0.23.6 Apache Software Foundation Hadoop 0.23.7 Apache Software Foundation Hadoop 0.23.8 Apache Software Foundation Hadoop 0.23.9 Apache Software Foundation Hadoop 0.23.10 Apache Software Foundation Hadoop 0.23.11 Apache Software Foundation Hadoop 2.0.0 alpha Apache Software Foundation Hadoop 2.0.1 alpha Apache Software Foundation Hadoop 2.0.2 alpha Apache Software Foundation Hadoop 2.0.3 alpha Apache Software Foundation Hadoop 2.0.4 alpha Apache Software Foundation Hadoop 2.0.5 alpha Apache Software Foundation Hadoop 2.0.6 Alpha Apache Software Foundation Hadoop 2.1.0 Beta Apache Software Foundation Hadoop 2.1.1 Beta Apache Software Foundation Hadoop 2.2.0 Apache Software Foundation Hadoop 2.3.0 Apache Software Foundation Hadoop 2.4.0 Apache Software Foundation Hadoop 2.4.1 Apache Software Foundation Hadoop 2.5.0 Apache Software Foundation Hadoop 2.5.1 Apache Hadoop 2.6.0 (not an official CPE) Apache Hadoop 2.6.1 (not an official CPE) Apache Hadoop 2.6.2 (not an official CPE) Apache Hadoop 2.6.3 (not an official CPE) Apache Hadoop 2.6.4 (not an official CPE) Apache Hadoop 2.7.0 (not an official CPE) Apache Hadoop 2.7.1 (not an official CPE) Apache Hadoop 2.7.2 (not an official CPE) Apache Hadoop 2.7.3 (not an official CPE) Apache Hadoop 3.0.0 Alpha1 (not an official CPE) Apache Hadoop 3.0.0 Alpha2 (not an official CPE) Apache Hadoop 3.0.0 Alpha3 (not an official CPE) Apache Hadoop 3.0.0 Alpha4 (not an official CPE) Apache Hadoop 3.0.0 Beta1 (not an official CPE) Apache Hadoop 3.1.0 (not an official CPE)