User account escalation in Apache Hadoop in maven/org.apache.hadoop/hadoop-yarn-server-common
User account escalation in Apache Hadoop
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
All versions starting from 2.2.0 before 2.10.2, all versions starting from 3.0.0 before 3.2.3, all versions starting from 3.3.0 before 3.3.2
Upgrade to versions 2.10.2, 3.2.3, 3.3.2 or above.