Org.apache.hadoop:hadoop-common
This hub aggregates every CVE we track for Org.apache.hadoop:hadoop-common, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 12
- Critical: 3
- High: 4
- In CISA KEV: 0
Severity distribution
- HIGH: 4
- MEDIUM: 4
- CRITICAL: 3
- LOW: 1
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 12 most recently published vulnerabilities affecting Org.apache.hadoop:hadoop-common.
- CVE-2024-23454: Apache Hadoop: Temporary File Local Information Disclosure (score: 6.2)
- CVE-2022-25168: Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar (score: 9.8)
- CVE-2021-37404: Heap buffer overflow in libhdfs native library (score: 9.8)
- CVE-2022-26612: Arbitrary file write in FileUtil#unpackEntries on Windows (score: 9.8)
- CVE-2020-9492: In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. (score: 8.8)
- CVE-2016-5001: This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craf... (score: 5.5)
- CVE-2017-7669: In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated... (score: 7.5)
- CVE-2016-6811: In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. (score: 8.8)
- CVE-2014-0229: Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownD... (score: 6.5)
- CVE-2016-5393: In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. (score: 8.8)
- CVE-2015-1776: Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature i... (score: 6.2)
- CVE-2013-2192: The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attack... (score: 3.2)
Product normalization is registry-driven with AI assist and human review.