org.elasticsearch:elasticsearch-hadoop@2.2.0 vulnerabilities
latest version
8.17.0
latest non vulnerable version
first published
14 years ago
latest version published
11 days ago
licenses detected
- [0.8.0,)
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.elasticsearch:elasticsearch-hadoop package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization of Java objects from Hadoop or Spark configuration properties that could be manipulated by authenticated users. An attacker can achieve unauthorized code execution by providing malicious input to the affected configurations. This is only exploitable if the attacker has the ability to authenticate and modify Hadoop or Spark configuration properties. How to fix Deserialization of Untrusted Data? Upgrade | [,7.17.11)[8.0.0,8.9.0) |