VYPR
High severityNVD Advisory· Published Nov 13, 2018· Updated Aug 5, 2024

CVE-2018-8009

CVE-2018-8009

Description

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.hadoop:hadoop-mainMaven
>= 3.1.0, < 3.1.13.1.1
org.apache.hadoop:hadoop-mainMaven
>= 3.0.0, < 3.0.33.0.3
org.apache.hadoop:hadoop-mainMaven
>= 2.9.0, < 2.9.22.9.2
org.apache.hadoop:hadoop-mainMaven
>= 2.8.0, < 2.8.52.8.5
org.apache.hadoop:hadoop-mainMaven
< 2.7.72.7.7

Affected products

2
  • ghsa-coords
    Range: >= 3.1.0, < 3.1.1
  • Apache Software Foundation/Apache Hadoopv5
    Range: Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11

Patches

Vulnerability mechanics

References

19

News mentions

0

No linked articles in our index yet.