GHSA-rqj9-cq6j-958r
GitHub Security Advisory
Arbitrary Command Execution in Hadoop
✓ GitHub Reviewed
HIGH
Has CVE
Advisory Details
In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.
Affected Packages
Maven
org.apache.hadoop:hadoop-main
Affected versions:
2.7.4
(fixed in 2.7.7)
Related CVEs
Key Information
7.5
/10
Dataset
Last updated: July 28, 2025 6:37 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.