CVE-2018-8009 - High Severity Vulnerability
Vulnerable Libraries - hadoop-core-1.0.4.jar, hadoop-core-1.0.3.jar
hadoop-core-1.0.4.jar
Path to dependency file: /camus-sweeper/pom.xml
Path to vulnerable library: /canner/.m2/repository/org/apache/hadoop/hadoop-core/1.0.4/hadoop-core-1.0.4.jar
Dependency Hierarchy:
- :x: **hadoop-core-1.0.4.jar** (Vulnerable Library)
hadoop-core-1.0.3.jar
Path to dependency file: /camus-etl-kafka/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/hadoop/hadoop-core/1.0.3/hadoop-core-1.0.3.jar
Dependency Hierarchy:
- hadoop-client-1.0.3.jar (Root Library)
  - :x: **hadoop-core-1.0.3.jar** (Vulnerable Library)
Found in HEAD commit: 1053f8fe9c963d2cf33163881f6fe4c0bc437da2
Vulnerability Details
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
Publish Date: 2018-11-13
URL: CVE-2018-8009
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1593018
Release Date: 2018-11-13
Fix Resolution: 3.1.1,3.0.3,2.9.2,2.8.5,2.7.7