Information Exposure Affecting org.apache.hadoop:hadoop-yarn-common Open this link in a new tab package, versions [,2.5.2)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
2 May 2019
12 May 2014
How to fix?
org.apache.hadoop:hadoop-yarn-common to version 2.5.2 or higher.
org.apache.hadoop:hadoop-yarn-common is a distribution of Apache Hadoop with distributed metadata.
Affected versions of this package are vulnerable to Information Exposure. When using Kerberos authentication, It allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.