Advisories for Maven/Org.apache.hadoop/Hadoop-Hdfs package

In Apache Hadoop to to to, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace

The HDFS web UI in Apache Hadoop is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.