org.apache.oozie:oozie-core@5.0.0-beta1 vulnerabilities
latest version
5.2.1
first published
10 years ago
latest version published
4 years ago
licenses detected
- [4.1.0,)
package registry
Direct Vulnerabilities
Known vulnerabilities in the org.apache.oozie:oozie-core package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
org.apache.oozie:oozie-core is a system to define, manage, schedule, and execute complex Hadoop workloads via web services. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in an unspecified component. Note: This project is no longer actively maintained so no fix is expected. How to fix Cross-site Scripting (XSS)? There is no fixed version for | [0,) |
org.apache.oozie:oozie-core is a system to define, manage, schedule, and execute complex Hadoop workloads via web services. Affected versions of this package are vulnerable to User Impersonation. A malicious user could construct an XML that results in workflows running in another user's name. How to fix User Impersonation? Upgrade org.apache.oozie:oozie-core to version 5.0.1 or higher. | [3.1.3,5.0.1) |