CVE-2018-8009

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:3.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:3.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:3.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:3.0.0:alpha4:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:3.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:hadoop:3.1.0:*:*:*:*:*:*:*

History

07 Nov 2023, 03:01

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d@%3Cuser.hadoop.apache.org%3E', 'name': '[hadoop-user] 20181122 CVE-2018-8009: Apache Hadoop distributed cache archive vulnerability', 'tags': ['Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510@%3Ccommits.druid.apache.org%3E', 'name': '[druid-commits] 20201008 [druid] branch master updated: Suppress CVE-2018-11765 for hadoop dependencies (#10485)', 'tags': [], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E', 'name': '[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report', 'tags': [], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a@%3Ccommits.druid.apache.org%3E', 'name': '[druid-commits] 20201008 [druid] branch 0.20.0 updated: Suppress CVE-2018-11765 for hadoop dependencies (#10485) (#10492)', 'tags': [], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a%40%3Ccommits.druid.apache.org%3E -
  • () https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510%40%3Ccommits.druid.apache.org%3E -
  • () https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d%40%3Cuser.hadoop.apache.org%3E -
  • () https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E -

Information

Published : 2018-11-13 21:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-8009

Mitre link : CVE-2018-8009

CVE.ORG link : CVE-2018-8009


JSON object : View

Products Affected

apache

  • hadoop
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')