Posted to user@hadoop.apache.org by "张铎 (Duo Zhang)" <pa...@gmail.com> on 2018/11/13 03:44:30 UTC

Re: a vulnerability of hadoop

I think this is a known CVE (CVE-2018-8009) which should have already been
fixed in recent hadoop releases.

Which hadoop version do you use?

Thanks.

<hu...@zte.com.cn> wrote on Tuesday, November 13, 2018 at 11:11 AM:

>
> hello everyone,
>
>       I use 'black duck' to scan hadoop and found a vulnerability below:
>
>
> BDSA-2018-1828 Apache Hadoop is vulnerable to an arbitrary file write
> vulnerability via a directory traversal. An attacker could exploit this
> vulnerability by supplying the component with a maliciously crafted archive
> that, when unpacked, would cause an arbitrary file to be written to the
> file system. MEDIUM
>
>
> I don't know what this means.
>
> Can someone help me solve this?
>
> Thank you very much.
>
>
> 胡晓东 huxiaodong
>
> Network Management & Service System Dept
>
> ZTE Phase II, No. 68 Zijinghua Road, Nanjing
> MP: 17351011636
> E: hu.xiaodong@zte.com.cn
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@hadoop.apache.org
> For additional commands, e-mail: user-help@hadoop.apache.org

Reply: Re: a vulnerability of hadoop

Posted by hu...@zte.com.cn.
Thank you for your reply.

The version of hadoop we use is 2.7.3

胡晓东 huxiaodong

Network Management & Service System Dept

ZTE Phase II, No. 68 Zijinghua Road, Nanjing
MP: 17351011636
E: hu.xiaodong@zte.com.cn