Thank you for your reply.
The version of hadoop we use is 2.7.3 胡晓东 huxiaodong 网管及服务系统部 Network Management & Service System Dept 南京市紫荆花路68号中兴通讯二期 MP: 17351011636 E: [email protected] 原始邮件 发件人: <[email protected]>; 收件人:胡晓东10180976; 抄送人: <[email protected]>;徐进10047864;顾懿周00123903;何文鑫10087558;张东涛10052804; 日 期 :2018年11月13日 11:45 主 题 :Re: a vulnerability of hadoop I think this is an known CVE (CVE-2018-8009) which should have already been fixed in recent hadoop releases. Which hadoop version do you use? Thanks. <[email protected]> 于2018年11月13日周二 上午11:11写道: hello everyone, I use 'black duck' to scan hadoop and found a vulnerability below: BDSA-2018-1828Apache Hadoop is vulnerable to an arbitrary file write vulnerability via a directory traversal. An attacker could exploit this vulnerability by supplying the component with a maliciously crafted archive that, when unpacked, would cause an arbitrary file to be written to the file system.MEDIUM I don't know what this means. Can someone help me solve this? Thank you very much. 胡晓东 huxiaodong 网管及服务系统部 Network Management & Service System Dept 南京市紫荆花路68号中兴通讯二期 MP: 17351011636 E: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
