CVE-2018-8009
published 2018-11-13CVE-2018-8009: Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip…
high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | — | — |
| apache | hadoop | 0.23.0 – 0.23.11 | — |
| apache | hadoop | 2.0.0 – 2.7.6 | — |
| apache | hadoop | 2.8.0 – 2.8.4 | — |
| apache | hadoop | 2.9.0 – 2.9.1 | — |
| apache | hadoop | 3.0.0 – 3.0.2 | — |
| apache_software_foundation | apache_hadoop | — | — |