Description
In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hadoop-general/201611.mbox/%3CCAA0W1bTbUmUUSF1rjRpX-2DvWutcrPt7TJSWUcSLg1F0gyHG1Q%40mail.gmail.com%3E
http://www.securityfocus.com/bid/94574
Related Vulnerabilities
CVE-2019-1003087 Vulnerability in maven package org.jenkins-ci.plugins:labmanager
CVE-2022-28731 Vulnerability in maven package org.apache.jspwiki:jspwiki-main
CVE-2023-26111 Vulnerability in npm package node-static
CVE-2021-43297 Vulnerability in maven package com.alibaba:hessian-lite
CVE-2019-10473 Vulnerability in maven package org.jenkins-ci.plugins:libvirt-slave