GHSA-v5c9-98f7-2h54

Source

https://github.com/advisories/GHSA-v5c9-98f7-2h54

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-v5c9-98f7-2h54/GHSA-v5c9-98f7-2h54.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-v5c9-98f7-2h54

Aliases

CVE-2012-2945

Published

2022-04-23T00:40:07Z

Modified

2024-02-16T08:24:21.090651Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Hadoop symlink vulnerability

Details

Hadoop 1.0.3 contains a symlink vulnerability as a result of storing pid files in the shared /tmp directory by default.

Database specific

{
    "nvd_published_at": "2019-10-29T19:15:00Z",
    "cwe_ids": [
        "CWE-377",
        "CWE-59"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-29T19:54:42Z"
}

References

Affected packages

Maven / org.apache.hadoop:hadoop-main

Package

Name: org.apache.hadoop:hadoop-main; View open source insights on deps.dev
Purl: pkg:maven/org.apache.hadoop/hadoop-main

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.4

Affected versions

0.*

0.23.1

0.23.3

0.23.4

0.23.5

0.23.6

0.23.7

0.23.8

0.23.9

0.23.10

0.23.11

Database specific

{
    "last_known_affected_version_range": "<= 1.0.3"
}