Vulnerability

CVE-2018-8009

 Report advisory or correction

CVSS Score 8.8 high

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-22

References

https://lists.apache.org/thread.html/%3Ce1ea0123057146c2925353d0cad17c7e@git.apache.org%3E
https://bugzilla.redhat.com/show_bug.cgi?id=1593020
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8009

[CVE-2018-8009] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.

See org.apache.hadoop/hadoop-common package information