6.5
CVSSv2

CVE-2018-8009

Published: 13/11/2018 Updated: 08/10/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache hadoop 2.0.0

apache hadoop

apache hadoop 3.0.0

apache hadoop 3.1.0

Vendor Advisories

Apache Hadoop 310, 300-alpha to 302, 290 to 291, 280 to 284, 200-alpha to 276, 0230 to 02311 is exploitable via the zip slip vulnerability in places that accept a zip file ...
Synopsis Important: Red Hat Fuse 750 security update Type/Severity Security Advisory: Important Topic A minor version update (from 74 to 75) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security h ...
Summary Snyk Security team  discloses a widespread arbitrary file overwrite critical vulnerability, which typically results in remote command execution The flaw which has been named Zip Slip affects numerous archive-extraction libraries and archive formats  More information is available at: githubcom/snyk/zip-slip-vulnerability Bro ...

Github Repositories

Zip Slip Vulnerability (Arbitrary file write through archive extraction)

Zip Slip Zip Slip is a widespread critical archive extraction vulnerability, allowing attackers to write arbitrary files on the system, typically resulting in remote command execution It was discovered and responsibly disclosed by the Snyk Security team ahead of a public disclosure on 5th June 2018, and affects thousands of projects, including ones from HP, Amazon, Apache, Pi

Cubed Cubed is a self-serve data mart and funnel analysis pipeline management platform Table of Contents Background Install Configuration Usage Security Contribute License Background Do you find it difficult deriving insights from wide and sparse data sets, and want to only focus on data relevant to your needs? Do you want to study the user conversions across multiple inter