Privilege Escalation Affecting org.apache.hadoop:hadoop-main package, versions [2.2.0, 2.10.2) [3.0.0-alpha1, 3.2.3) [3.3.0, 3.3.2)
Snyk CVSS
- Attack Complexity: Low
- Confidentiality: High
- Integrity: High
- Availability: High
Threat Intelligence
- EPSS: 0.31% (70th percentile)
- Snyk ID SNYK-JAVA-ORGAPACHEHADOOP-2928753
- published 16 Jun 2022
- disclosed 16 Jun 2022
- credit Hideyuki Furue
Introduced: 16 Jun 2022
CVE-2021-33036
How to fix?
Upgrade org.apache.hadoop:hadoop-main to version 2.10.2, 3.2.3, 3.3.2 or higher.
Overview
org.apache.hadoop:hadoop-main is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models.
Affected versions of this package are vulnerable to Privilege Escalation from yarn to root, allowing arbitrary root command execution.