Open mend-for-github-com[bot] opened 3 weeks ago
Apache Hadoop
Library home page: https://github.com/apache/hadoop.git
Found in HEAD commit: 6dcd8400219941dcbd7fb0f6b980cc2c6a2a6b0a
Found in base branch: trunk
/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/cJSON/cJSON.c /hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/cJSON/cJSON.c
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
Publish Date: 2023-12-14
URL: CVE-2023-50471
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
CVE-2023-50471 - High Severity Vulnerability
Vulnerable Library - hadooprelease-3.3.1-RC3
Apache Hadoop
Library home page: https://github.com/apache/hadoop.git
Found in HEAD commit: 6dcd8400219941dcbd7fb0f6b980cc2c6a2a6b0a
Found in base branch: trunk
Vulnerable Source Files (2)
/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/cJSON/cJSON.c /hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/cJSON/cJSON.c
Vulnerability Details
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.
Publish Date: 2023-12-14
URL: CVE-2023-50471
CVSS 3 Score Details (7.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.