Improper Input Validation Affecting org.apache.hadoop:hadoop-hdfs package, versions [,2.7.0)


0.0
high

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    EPSS 0.32% (70th percentile)
Expand this section
NVD
7.3 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JAVA-ORGAPACHEHADOOP-31400
  • published 21 May 2017
  • disclosed 26 Apr 2017
  • credit Sunil Yadav

Overview

org.apache.hadoop:hadoop-hdfs is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models.

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.