CVE-2018-8009

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-8009

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8009.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-8009

Aliases

GHSA-6x48-j4x4-cqw3

Published

2018-11-13T21:29:00.417Z

Modified

2026-04-10T04:12:52.395003Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.

References

Affected packages

Git / github.com/apache/hadoop

Affected ranges

Type

GIT

Repo

https://github.com/apache/hadoop

Events

Introduced

9f6e30b5abcbb10a37c751d71ee9bd304817db32

Last affected

03898292180fa8dd4dbb2179bc015acf4b933c60

Introduced

Last affected

085099c66cf28be31604560c376fa282e69282b8

Introduced

91f2b7a13d1e97be65db92ddabc627cc29ac0009

Last affected

17e75c2a11685af3e043aa5e604dc831e5b14674

Introduced

756ebc8394e473ac25feac05fa493f6d612e6c50

Last affected

e30710aea4e6e55e69372929106cf119af06fd0e

Introduced

c25427ceca461ee979d30edd7a4b0f50718e6533

Last affected

5c141f7c0f24c12cb8704a6ccc1ff8ec991f41ee

Introduced

Last affected

da30cf664ccc99a54059eb6b9ffa73dc68a95ed2

Introduced

Last affected

a990d2ebcd6de5d7dc2d3684930759b0f0ea4dc3

Introduced

Last affected

1337ef4eef14fbbb214e71b68b7eb07061a4a212

Introduced

Last affected

7c0489beb9fdf12e223a9e57779d3fef765a44d2

Introduced

Last affected

e324cf8a2a6e55e996414ff281fee757f09d8172

Introduced

Last affected

1002c582d86ae8689c497c3d31b73f1ab92d5e29

Introduced

Last affected

16b70619a24cdcf5d3b0fcf4b58ca77238ccbe6d

Database specific

{
    "versions": [
        {
            "introduced": "0.23.0"
        },
        {
            "last_affected": "0.23.11"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "last_affected": "2.7.6"
        },
        {
            "introduced": "2.8.0"
        },
        {
            "last_affected": "2.8.4"
        },
        {
            "introduced": "2.9.0"
        },
        {
            "last_affected": "2.9.1"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "last_affected": "3.0.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0-alpha"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-alpha1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-alpha2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-alpha3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-alpha4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-beta1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.1.0"
        }
    ]
}

Affected versions

rel/release-2.*

rel/release-2.7.6

rel/release-2.8.4

rel/release-2.9.1

rel/release-3.*

rel/release-3.0.0-alpha1

rel/release-3.0.0-alpha2

rel/release-3.0.0-alpha3

rel/release-3.0.0-alpha4

rel/release-3.0.0-beta1

rel/release-3.0.1

rel/release-3.0.2

rel/release-3.1.0

release-0.*

release-0.23.11

release-0.23.11-rc0

release-2.*

release-2.0.0-alpha

release-2.0.0-alpha-rc1

release-2.7.6-RC0

release-2.8.4-RC0

release-2.9.1-RC0

release-3.*

release-3.0.0-alpha1-RC0

release-3.0.0-alpha2-RC0

release-3.0.0-alpha4-RC0

release-3.0.0-beta1-RC0

release-3.0.1-RC0

release-3.0.1-RC1

release-3.0.2-RC0

release-3.0.2-RC1

release-3.1.0-RC0

release-3.1.0-RC1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8009.json"