High severity8.8NVD Advisory· Published Apr 11, 2017· Updated May 13, 2026
CVE-2016-6811
CVE-2016-6811
Description
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.hadoop:hadoop-commonMaven | >= 2.0.0-alpha, < 2.7.4 | 2.7.4 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-mf7c-35mq-75pjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-6811ghsaADVISORY
- lists.apache.org/thread.html/9ba3c12bbdfd5b2cae60909e48f92608e00c8d99196390b8cfeca307@%3Cgeneral.hadoop.apache.org%3EghsaWEB
- lists.apache.org/thread.html/9ba3c12bbdfd5b2cae60909e48f92608e00c8d99196390b8cfeca307%40%3Cgeneral.hadoop.apache.org%3Envd
News mentions
0No linked articles in our index yet.