8.17.0
14 years ago
12 days ago
Known vulnerabilities in the org.elasticsearch:elasticsearch-hadoop package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization of Java objects from Hadoop or Spark configuration properties that could be manipulated by authenticated users. An attacker can achieve unauthorized code execution by providing malicious input to the affected configurations. This is only exploitable if the attacker has the ability to authenticate and modify Hadoop or Spark configuration properties. How to fix Deserialization of Untrusted Data? Upgrade | [,7.17.11)[8.0.0,8.9.0) |