Loading HuntDB...

GHSA-rqj9-cq6j-958r

GitHub Security Advisory

Arbitrary Command Execution in Hadoop

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.

Affected Packages

Maven org.apache.hadoop:hadoop-main
Affected versions: 2.7.4 (fixed in 2.7.7)

Related CVEs

Key Information

GHSA ID
GHSA-rqj9-cq6j-958r
Published
December 21, 2018 5:50 PM
Last Modified
September 14, 2022 10:27 PM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
org.apache.hadoop:hadoop-main
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.