VYPR

Maven package

org.apache.hadoop/hadoop-yarn-project

pkg:maven/org.apache.hadoop/hadoop-yarn-project

Vulnerabilities (1)

  • CVE-2023-26031Nov 16, 2023
    affected >= 3.3.1, < 3.3.5fixed 3.3.5

    Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges. Hadoop 3