Zip Slip Vulnerability in Apache Hadoop Products
CVE-2018-8009

8.8HIGH

Key Information:

Vendor

Apache
Status
Apache Hadoop
Vendor
CVE Published:
13 November 2018

What is CVE-2018-8009?

The Zip Slip vulnerability affects various versions of Apache Hadoop, allowing an attacker to exploit file extraction processes that handle zip files improperly. By crafting a specially designed zip file, an attacker can potentially overwrite files outside of the intended directories, which could lead to unauthorized code execution or data exposure. This vulnerability underscores the importance of secure file handling practices in software development.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Hadoop Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11

References

https://snyk.io/research/zip-slip-vulnerability
x_refsource_MISC
http://www.securityfocus.com/bid/105927
vdb-entryx_refsource_BID
https://lists.apache.org/thread.html/a1c227745ce30acbcf38...
mailing-listx_refsource_MLIST

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.