Path Traversal in Hadoop
High severity
GitHub Reviewed
Published
Dec 21, 2018
to the GitHub Advisory Database
•
Updated Mar 4, 2024
Package
Affected versions
= 3.1.0
>= 3.0.0, < 3.0.3
>= 2.9.0, < 2.9.2
>= 2.8.0, < 2.8.5
< 2.7.7
Patched versions
3.1.1
3.0.3
2.9.2
2.8.5
2.7.7
Description
Published to the GitHub Advisory Database
Dec 21, 2018
Reviewed
Jun 16, 2020
Last updated
Mar 4, 2024
Credits
-
MarkLee131 Analyst
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
References