You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@hadoop.apache.org by "张铎 (Duo Zhang)" <pa...@gmail.com> on 2018/11/13 03:44:30 UTC
Re: a vulnerability of hadoop
I think this is an known CVE (CVE-2018-8009) which should have already been
fixed in recent hadoop releases.
Which hadoop version do you use?
Thanks.
<hu...@zte.com.cn> 于2018年11月13日周二 上午11:11写道:
>
> hello everyone,
>
> I use 'black duck' to scan hadoop and found a vulnerability below:
>
>
> BDSA-2018-1828 Apache Hadoop is vulnerable to an arbitrary file write
> vulnerability via a directory traversal. An attacker could exploit this
> vulnerability by supplying the component with a maliciously crafted archive
> that, when unpacked, would cause an arbitrary file to be written to the
> file system. MEDIUM
>
>
> I don't know what this means.
>
> Can someone help me solve this?
>
> Thank you very much.
>
>
> 胡晓东 huxiaodong
>
>
> 网管及服务系统部 Network Management & Service System Dept
>
>
>
> 南京市紫荆花路68号中兴通讯二期
> MP: 17351011636
> E: hu.xiaodong@zte.com.cn
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@hadoop.apache.org
> For additional commands, e-mail: user-help@hadoop.apache.org
答复: Re: a vulnerability of hadoop
Posted by hu...@zte.com.cn.
Thank you for your reply.
The version of hadoop we use is 2.7.3
胡晓东 huxiaodong
网管及服务系统部 Network Management & Service System Dept
南京市紫荆花路68号中兴通讯二期
MP: 17351011636
E: hu.xiaodong@zte.com.cn
原始邮件
发件人: <pa...@gmail.com>;
收件人:胡晓东10180976;
抄送人: <us...@hadoop.apache.org>;徐进10047864;顾懿周00123903;何文鑫10087558;张东涛10052804;
日 期 :2018年11月13日 11:45
主 题 :Re: a vulnerability of hadoop
I think this is an known CVE (CVE-2018-8009) which should have already been fixed in recent hadoop releases.
Which hadoop version do you use?
Thanks.
<hu...@zte.com.cn> 于2018年11月13日周二 上午11:11写道:
hello everyone,
I use 'black duck' to scan hadoop and found a vulnerability below:
BDSA-2018-1828Apache Hadoop is vulnerable to an arbitrary file write vulnerability via a directory traversal. An attacker could exploit this vulnerability by supplying the component with a maliciously crafted archive that, when unpacked, would cause an arbitrary file to be written to the file system.MEDIUM
I don't know what this means.
Can someone help me solve this?
Thank you very much.
胡晓东 huxiaodong
网管及服务系统部 Network Management & Service System Dept
南京市紫荆花路68号中兴通讯二期
MP: 17351011636
E: hu.xiaodong@zte.com.cn
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@hadoop.apache.org
For additional commands, e-mail: user-help@hadoop.apache.org