CVE-2021-37404

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in maven/org.apache.hadoop/hadoop-common

Identifiers

GHSA-rmpj-7c96-mrg8, CVE-2021-37404

Package Slug

maven/org.apache.hadoop/hadoop-common

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by a user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

Affected Versions

All versions before 2.10.2, all versions starting from 3.0.0 before 3.2.3, and all versions starting from 3.3.0 before 3.3.2.

Solution

Upgrade to version 3.2.3 or above.

Last Modified

2022-06-17
