Hortonworks Data Platform

Fixed Common Vulnerabilities and Exposures

This section covers all Common Vulnerabilities and Exposures (CVE) that are addressed in this release.

CVE-2015-7521

Summary: Zip Slip Vulnerability - Apache Hadoop distributed cache archive vulnerability

Severity: Critical

Vendor: Hortonworks

Versions Affected: HDP 3.0.0

Users Affected: Users who run MapReduce jobs.

Impact: Zip Slip is a widespread, critical arbitrary file overwrite vulnerability that typically results in remote command execution. It was discovered and responsibly disclosed by the Snyk Security team.

Recommended Action: Upgrade to HDP 3.0.1+.

CVE-2018-12536

Summary: InvalidPathException message

Severity: Moderate

Vendor: Hortonworks

Versions Affected: HDP 3.0.0

Users Affected: Users who use Spark UIs.

Impact: When an intentionally bad query arrives, the message included in the error response can reveal the full server path to the requesting system.

Recommended Action: Upgrade to HDP 3.0.1.