Posted to user@hadoop.apache.org by Deepti Sharma S <de...@ericsson.com.INVALID> on 2022/12/08 07:26:37 UTC

Vulnerability query on Hadoop

Hello Team,
We have a Java-based HDFS client which uses Hadoop-hdfs-3.3.3 as its dependency in our application.
Hadoop-hdfs-3.3.3 uses netty 3.10.6.Final as a deep dependency.
We got the following vulnerability in netty using JFrog Xray.
Description: Netty contains a flaw in the AbstractDiskHttpData.delete() function in handler/codec/http/multipart/AbstractDiskHttpData.java that is triggered as temporary file entries are added to the 'DeleteOnExitHook' object but not properly removed when processing POST requests that are 16 kB. This may allow a remote attacker to exhaust available memory resources, potentially resulting in a denial of service.
What is the impact of this vulnerability on the HDFS client?
If HDFS Client is impacted then what is the mitigation plan for that?



Regards,
Deepti Sharma
PMP® & ITIL
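
A triage check for the question above, as an added example that is not part of the original post and not Hadoop or Netty code: it scans a set of jars for the class named in the advisory and for application classes whose bytecode references Netty 3's HTTP multipart package. The `org/jboss/netty` prefix is Netty 3.x's package namespace; the jar names other than the Netty one, the `com/example` classes and all class bytes are constructed samples.

```python
import tempfile
import zipfile
from pathlib import Path

# Netty 3.x classes live under org.jboss.netty; the rest of the path is from the advisory.
MULTIPART_PKG = b"org/jboss/netty/handler/codec/http/multipart/"
FLAWED_CLASS = MULTIPART_PKG.decode() + "AbstractDiskHttpData.class"


def scan_jars(jar_paths):
    """Return (jars shipping the flawed class, {jar: classes referencing the package})."""
    providers, callers = [], {}
    for jar in map(Path, jar_paths):
        with zipfile.ZipFile(jar) as zf:
            names = zf.namelist()
            if FLAWED_CLASS in names:
                providers.append(jar.name)
                continue  # references inside Netty itself are not application usage
            # Class and descriptor references appear in the constant pool in slash form.
            hits = [n for n in names
                    if n.endswith(".class") and MULTIPART_PKG in zf.read(n)]
            if hits:
                callers[jar.name] = hits
    return providers, callers


def build_sample_jars(tmpdir):
    """Constructed sample jars with fake class bytes, so the scan runs offline."""
    magic = b"\xca\xfe\xba\xbe"
    samples = {
        "netty-3.10.6.Final.jar": {FLAWED_CLASS: magic},
        # Hypothetical application jars: one plain HDFS reader, one multipart user.
        "hdfs-client-app.jar": {"com/example/Reader.class": magic + b"org/apache/hadoop/fs/FileSystem"},
        "upload-service.jar": {"com/example/Upload.class": magic + MULTIPART_PKG + b"HttpPostRequestDecoder"},
    }
    paths = []
    for jar, entries in samples.items():
        with zipfile.ZipFile(Path(tmpdir) / jar, "w") as zf:
            for name, data in entries.items():
                zf.writestr(name, data)
        paths.append(Path(tmpdir) / jar)
    return paths


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        providers, callers = scan_jars(build_sample_jars(d))
        print("jars shipping AbstractDiskHttpData:", providers)
        print("classes referencing the multipart package:", callers)
```

A byte-level match misses reflective lookups by dotted class name and shaded copies relocated to another package, so an empty result narrows the question rather than settling it.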