CVE-2017-3161
published 2017-04-26CVE-2017-3161: The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | hadoop | <= 2.6.5 | — |
| apache_software_foundation | apache_hadoop | — | — |