org.elasticsearch:elasticsearch-hadoop@7.6.1 vulnerabilities

  • latest version

    8.17.0

  • latest non vulnerable version

  • first published

    14 years ago

  • latest version published

    11 days ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.elasticsearch:elasticsearch-hadoop package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Deserialization of Untrusted Data

    Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization of Java objects from Hadoop or Spark configuration properties that could be manipulated by authenticated users. An attacker can achieve unauthorized code execution by providing malicious input to the affected configurations. This is only exploitable if the attacker has the ability to authenticate and modify Hadoop or Spark configuration properties.

    How to fix Deserialization of Untrusted Data?

    Upgrade org.elasticsearch:elasticsearch-hadoop to version 7.17.11, 8.9.0 or higher.

    [,7.17.11)[8.0.0,8.9.0)