Description
In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hadoop-general/201611.mbox/%3CCAA0W1bTbUmUUSF1rjRpX-2DvWutcrPt7TJSWUcSLg1F0gyHG1Q%40mail.gmail.com%3E
http://www.securityfocus.com/bid/94574
Related Vulnerabilities
CVE-2022-25912 Vulnerability in maven package org.webjars.npm:simple-git
CVE-2020-15095 Vulnerability in maven package org.webjars.npm:npm
CVE-2023-40176 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2020-17533 Vulnerability in maven package org.apache.accumulo:accumulo-core
CVE-2023-25569 Vulnerability in maven package com.ctrip.framework.apollo:apollo