Vulnerability-Lookup

CVE-2025-27821 (GCVE-0-2025-27821)

Vulnerability from cvelistv5 – Published: 2026-01-26 09:44 – Updated: 2026-01-26 18:13

Title

HDFS native client: Out of bounds write in URI parser of native HDFS client

Summary

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Severity

No CVSS data available.

CWE

CWE-787 - Out-of-bounds Write

Assigner

apache

References

1 reference

URL	Tags
https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	HDFS native client	Affected: 3.2.0 , < 3.4.2 (semver)

Credits

BUI Ngoc Tan

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-01-26T10:08:17.750Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/01/23/7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-27821",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-26T18:13:15.482570Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-26T18:13:19.241Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.hadoop:hadoop-hdfs-native-client",
          "product": "HDFS native client",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.4.2",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "BUI Ngoc Tan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eOut-of-bounds Write vulnerability in Apache Hadoop HDFS native client.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Hadoop: from 3.2.0 before 3.4.2.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 3.4.2, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client.\n\nThis issue affects Apache Hadoop: from 3.2.0 before 3.4.2.\n\nUsers are recommended to upgrade to version 3.4.2, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-26T09:44:13.532Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh"
        }
      ],
      "source": {
        "defect": [
          "HDFS-17754"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "HDFS native client: Out of bounds write in URI parser of native HDFS client",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-27821",
    "datePublished": "2026-01-26T09:44:13.532Z",
    "dateReserved": "2025-03-07T17:56:36.435Z",
    "dateUpdated": "2026-01-26T18:13:19.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-27821",
      "date": "2026-05-25",
      "epss": "0.00047",
      "percentile": "0.14499"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-27821\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-01-26T10:16:05.033\",\"lastModified\":\"2026-01-27T20:30:26.927\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client.\\n\\nThis issue affects Apache Hadoop: from 3.2.0 before 3.4.2.\\n\\nUsers are recommended to upgrade to version 3.4.2, which fixes the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.2.0\",\"versionEndExcluding\":\"3.4.2\",\"matchCriteriaId\":\"4EED8AAC-78E8-4337-97C1-7C8AAB2E7376\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/01/23/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\", \"packageName\": \"org.apache.hadoop:hadoop-hdfs-native-client\", \"product\": \"HDFS native client\", \"vendor\": \"Apache Software Foundation\", \"versions\": [{\"lessThan\": \"3.4.2\", \"status\": \"affected\", \"version\": \"3.2.0\", \"versionType\": \"semver\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"BUI Ngoc Tan\"}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cp\u003eOut-of-bounds Write vulnerability in Apache Hadoop HDFS native client.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Hadoop: from 3.2.0 before 3.4.2.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 3.4.2, which fixes the issue.\u003c/p\u003e\"}], \"value\": \"Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client.\\n\\nThis issue affects Apache Hadoop: from 3.2.0 before 3.4.2.\\n\\nUsers are recommended to upgrade to version 3.4.2, which fixes the issue.\"}], \"metrics\": [{\"other\": {\"content\": {\"text\": \"moderate\"}, \"type\": \"Textual description of severity\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-01-26T09:44:13.532Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh\"}], \"source\": {\"defect\": [\"HDFS-17754\"], \"discovery\": \"EXTERNAL\"}, \"title\": \"HDFS native client: Out of bounds write in URI parser of native HDFS client\", \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}}, \"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/01/23/7\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-01-26T10:08:17.750Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27821\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-26T18:13:15.482570Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-26T18:13:06.272Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-27821\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"apache\", \"dateReserved\": \"2025-03-07T17:56:36.435Z\", \"datePublished\": \"2026-01-26T09:44:13.532Z\", \"dateUpdated\": \"2026-01-26T18:13:19.241Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0500

Vulnerability from certfr_avis - Published: 2026-04-27 - Updated: 2026-04-27

De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	VMware	N/A	Tanzu Greenplum Platform Extension Framework versions antérieures à 8.0.0
	VMware	N/A	Tanzu Data Lake versions antérieures à 4.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 37405	2026-04-24	vendor-advisory
Bulletin de sécurité VMware 37404	2026-04-24	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 4.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2019-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2026-2229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
    },
    {
      "name": "CVE-2018-19362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
    },
    {
      "name": "CVE-2026-33871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
    },
    {
      "name": "CVE-2026-22737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
    },
    {
      "name": "CVE-2026-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3449"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2021-21409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
    },
    {
      "name": "CVE-2026-22036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2023-33201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2026-24098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24098"
    },
    {
      "name": "CVE-2018-14719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
    },
    {
      "name": "CVE-2026-24734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
    },
    {
      "name": "CVE-2021-0341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
    },
    {
      "name": "CVE-2025-66614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2025-56200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2026-1527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2026-41239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2022-37603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
    },
    {
      "name": "CVE-2023-34610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34610"
    },
    {
      "name": "CVE-2024-47561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2026-34486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
    },
    {
      "name": "CVE-2026-1525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
    },
    {
      "name": "CVE-2018-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2026-29145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2025-49128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2018-14718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
    },
    {
      "name": "CVE-2020-10650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
    },
    {
      "name": "CVE-2025-1647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2026-23745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
    },
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2019-20444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
    },
    {
      "name": "CVE-2020-35490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2026-33870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2020-13949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
    },
    {
      "name": "CVE-2023-33202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
    },
    {
      "name": "CVE-2024-13009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
    },
    {
      "name": "CVE-2023-26115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
    },
    {
      "name": "CVE-2025-54550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54550"
    },
    {
      "name": "CVE-2025-54920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54920"
    },
    {
      "name": "CVE-2024-34447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2025-33042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
    },
    {
      "name": "CVE-2024-11831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2026-34500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34500"
    },
    {
      "name": "CVE-2025-9624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9624"
    },
    {
      "name": "CVE-2026-34043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34043"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2025-64718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2025-62718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
    },
    {
      "name": "CVE-2026-4800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
    },
    {
      "name": "CVE-2026-33671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
    },
    {
      "name": "CVE-2026-33532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
    },
    {
      "name": "CVE-2025-68470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
    },
    {
      "name": "CVE-2025-67721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
    },
    {
      "name": "CVE-2024-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2021-37137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
    },
    {
      "name": "CVE-2019-14439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
    },
    {
      "name": "CVE-2026-33750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
    },
    {
      "name": "CVE-2025-66236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66236"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2024-48910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
    },
    {
      "name": "CVE-2024-8184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
    },
    {
      "name": "CVE-2025-11143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
    },
    {
      "name": "CVE-2026-34480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2026-33228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
    },
    {
      "name": "CVE-2025-12758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
    },
    {
      "name": "CVE-2024-21538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2026-40175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
    },
    {
      "name": "CVE-2024-57083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57083"
    },
    {
      "name": "CVE-2022-38749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
    },
    {
      "name": "CVE-2024-23953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23953"
    },
    {
      "name": "CVE-2026-29074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
    },
    {
      "name": "CVE-2025-68161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2026-41240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
    },
    {
      "name": "CVE-2026-26960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2024-53382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
    },
    {
      "name": "CVE-2018-12022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2022-37601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
    },
    {
      "name": "CVE-2018-5968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2026-27903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
    },
    {
      "name": "CVE-2021-21295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
    },
    {
      "name": "CVE-2024-45801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2025-27821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27821"
    },
    {
      "name": "CVE-2022-41404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41404"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2026-22732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2025-55163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
    },
    {
      "name": "CVE-2026-34487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
    },
    {
      "name": "CVE-2025-27555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27555"
    },
    {
      "name": "CVE-2025-65995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-65995"
    },
    {
      "name": "CVE-2022-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2026-24842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2026-23950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2026-2950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2018-10237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
    },
    {
      "name": "CVE-2019-12814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
    },
    {
      "name": "CVE-2020-35491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2026-32280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
    },
    {
      "name": "CVE-2023-52428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
    },
    {
      "name": "CVE-2025-69873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2024-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
    },
    {
      "name": "CVE-2025-67735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2025-68458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68458"
    },
    {
      "name": "CVE-2021-22569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2026-29786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
    },
    {
      "name": "CVE-2025-26791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2026-25854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
    },
    {
      "name": "CVE-2021-22573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2026-2332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
    },
    {
      "name": "CVE-2025-58056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
    },
    {
      "name": "CVE-2026-1526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
    },
    {
      "name": "CVE-2019-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
    },
    {
      "name": "CVE-2024-47875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2026-33672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2023-42503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
    },
    {
      "name": "CVE-2024-56373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56373"
    },
    {
      "name": "CVE-2026-25639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2021-31684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2022-38751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2026-22735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
    },
    {
      "name": "CVE-2025-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2026-24733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2025-68157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68157"
    },
    {
      "name": "CVE-2017-15095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2025-8916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
    },
    {
      "name": "CVE-2025-8885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
    },
    {
      "name": "CVE-2025-41249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
    },
    {
      "name": "CVE-2022-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2018-11307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
    },
    {
      "name": "CVE-2026-26996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2025-68675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68675"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2017-17485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
    },
    {
      "name": "CVE-2026-34483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34483"
    },
    {
      "name": "CVE-2022-37599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
    },
    {
      "name": "CVE-2026-32141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
    },
    {
      "name": "CVE-2025-59419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2023-26136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
    },
    {
      "name": "CVE-2026-33816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2026-25219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25219"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2026-31802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
    },
    {
      "name": "CVE-2025-13465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
    },
    {
      "name": "CVE-2025-22227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
    },
    {
      "name": "CVE-2026-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
    },
    {
      "name": "CVE-2026-1225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2016-1000027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2019-20445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    },
    {
      "name": "CVE-2025-11226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "initial_release_date": "2026-04-27T00:00:00",
  "last_revision_date": "2026-04-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0500",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
  "vendor_advisories": [
    {
      "published_at": "2026-04-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37405",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405"
    },
    {
      "published_at": "2026-04-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37404",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404"
    }
  ]
}

cleanstart-2026-sq91016

Vulnerability from cleanstart

Published

2026-05-18 13:11

Modified

2026-05-14 06:09

Summary

Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-22569, CVE-2021-22570, CVE-2022-2047, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-36364, CVE-2022-41881, CVE-2023-20861, CVE-2023-20863, CVE-2023-26048, CVE-2023-26049, CVE-2023-2976, CVE-2023-34462, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900, CVE-2023-42503, CVE-2023-44981, CVE-2024-13009, CVE-2024-23454, CVE-2024-23944, CVE-2024-25710, CVE-2024-26308, CVE-2024-29131, CVE-2024-29133, CVE-2024-38808, CVE-2024-38820, CVE-2024-38827, CVE-2024-47554, CVE-2024-47561, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2025-11143, CVE-2025-22233, CVE-2025-24970, CVE-2025-25193, CVE-2025-27821, CVE-2025-41249, CVE-2025-48734, CVE-2025-48924, CVE-2025-49128, CVE-2025-52999, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-24281, CVE-2026-24308, CVE-2026-33870, CVE-2026-33871, CVE-2026-5588, ghsa-58qw-p7qm-5rvh, ghsa-72hv-8253-57qq applied in versions: 4.0.0-r0, 4.0.0-r1

Details

Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2018-10237	WEB
	https://osv.dev/vulnerability/CVE-2020-8908	WEB
	https://osv.dev/vulnerability/CVE-2021-22569	WEB
	https://osv.dev/vulnerability/CVE-2021-22570	WEB
	https://osv.dev/vulnerability/CVE-2022-2047	WEB
	https://osv.dev/vulnerability/CVE-2022-3171	WEB
	https://osv.dev/vulnerability/CVE-2022-3509	WEB
	https://osv.dev/vulnerability/CVE-2022-3510	WEB
	https://osv.dev/vulnerability/CVE-2022-36364	WEB
	https://osv.dev/vulnerability/CVE-2022-41881	WEB
	https://osv.dev/vulnerability/CVE-2023-20861	WEB
	https://osv.dev/vulnerability/CVE-2023-20863	WEB
	https://osv.dev/vulnerability/CVE-2023-26048	WEB
	https://osv.dev/vulnerability/CVE-2023-26049	WEB
	https://osv.dev/vulnerability/CVE-2023-2976	WEB
	https://osv.dev/vulnerability/CVE-2023-34462	WEB
	https://osv.dev/vulnerability/CVE-2023-36479	WEB
	https://osv.dev/vulnerability/CVE-2023-40167	WEB
	https://osv.dev/vulnerability/CVE-2023-41900	WEB
	https://osv.dev/vulnerability/CVE-2023-42503	WEB
	https://osv.dev/vulnerability/CVE-2023-44981	WEB
	https://osv.dev/vulnerability/CVE-2024-13009	WEB
	https://osv.dev/vulnerability/CVE-2024-23454	WEB
	https://osv.dev/vulnerability/CVE-2024-23944	WEB
	https://osv.dev/vulnerability/CVE-2024-25710	WEB
	https://osv.dev/vulnerability/CVE-2024-26308	WEB
	https://osv.dev/vulnerability/CVE-2024-29131	WEB
	https://osv.dev/vulnerability/CVE-2024-29133	WEB
	https://osv.dev/vulnerability/CVE-2024-38808	WEB
	https://osv.dev/vulnerability/CVE-2024-38820	WEB
	https://osv.dev/vulnerability/CVE-2024-38827	WEB
	https://osv.dev/vulnerability/CVE-2024-47554	WEB
	https://osv.dev/vulnerability/CVE-2024-47561	WEB
	https://osv.dev/vulnerability/CVE-2024-52046	WEB
	https://osv.dev/vulnerability/CVE-2024-6763	WEB
	https://osv.dev/vulnerability/CVE-2024-7254	WEB
	https://osv.dev/vulnerability/CVE-2024-8184	WEB
	https://osv.dev/vulnerability/CVE-2025-11143	WEB
	https://osv.dev/vulnerability/CVE-2025-22233	WEB
	https://osv.dev/vulnerability/CVE-2025-24970	WEB
	https://osv.dev/vulnerability/CVE-2025-25193	WEB
	https://osv.dev/vulnerability/CVE-2025-27821	WEB
	https://osv.dev/vulnerability/CVE-2025-41249	WEB
	https://osv.dev/vulnerability/CVE-2025-48734	WEB
	https://osv.dev/vulnerability/CVE-2025-48924	WEB
	https://osv.dev/vulnerability/CVE-2025-49128	WEB
	https://osv.dev/vulnerability/CVE-2025-52999	WEB
	https://osv.dev/vulnerability/CVE-2025-53864	WEB
	https://osv.dev/vulnerability/CVE-2025-55163	WEB
	https://osv.dev/vulnerability/CVE-2025-58056	WEB
	https://osv.dev/vulnerability/CVE-2025-58057	WEB
	https://osv.dev/vulnerability/CVE-2025-59419	WEB
	https://osv.dev/vulnerability/CVE-2025-67735	WEB
	https://osv.dev/vulnerability/CVE-2025-68161	WEB
	https://osv.dev/vulnerability/CVE-2025-8916	WEB
	https://osv.dev/vulnerability/CVE-2026-24281	WEB
	https://osv.dev/vulnerability/CVE-2026-24308	WEB
	https://osv.dev/vulnerability/CVE-2026-33870	WEB
	https://osv.dev/vulnerability/CVE-2026-33871	WEB
	https://osv.dev/vulnerability/CVE-2026-5588	WEB
	https://osv.dev/vulnerability/ghsa-58qw-p7qm-5rvh	WEB
	https://osv.dev/vulnerability/ghsa-72hv-8253-57qq	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-10237	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-8908	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-22569	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-22570	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-2047	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3171	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3509	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3510	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-36364	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-41881	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-20861	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-20863	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-26048	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-26049	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-2976	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-34462	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-36479	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-40167	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-41900	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-42503	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-44981	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-13009	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-23454	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-23944	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-25710	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-26308	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-29131	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-29133	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-38808	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-38820	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-38827	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-47554	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-47561	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-52046	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-6763	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-7254	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-8184	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-11143	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-22233	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-24970	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-25193	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-27821	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-41249	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-48734	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-48924	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-49128	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-52999	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-53864	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55163	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58056	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58057	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59419	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-67735	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68161	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-8916	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-24281	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-24308	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33870	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33871	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-5588	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "apache-hive"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.0-r1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-SQ91016",
  "modified": "2026-05-14T06:09:00Z",
  "published": "2026-05-18T13:11:46.835215Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-SQ91016.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-10237"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-8908"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-22569"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-22570"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-2047"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3171"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3509"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3510"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-36364"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-41881"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-20861"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-20863"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-26048"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-26049"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-34462"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-36479"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-40167"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41900"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-42503"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-44981"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-13009"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-23454"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-23944"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-25710"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-26308"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-29131"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-29133"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-38808"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-38820"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-38827"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-47554"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-47561"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-52046"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-6763"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-7254"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-8184"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-11143"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-22233"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-24970"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-25193"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-27821"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-41249"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-48734"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-49128"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-52999"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-53864"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55163"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58056"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58057"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59419"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-67735"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68161"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-8916"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-24281"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-24308"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33870"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33871"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-5588"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-58qw-p7qm-5rvh"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22570"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2047"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36364"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20863"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36479"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41900"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42503"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23454"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23944"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29133"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38808"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38820"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38827"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47554"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47561"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52046"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22233"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27821"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41249"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49128"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53864"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59419"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67735"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8916"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24281"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24308"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-22569, CVE-2021-22570, CVE-2022-2047, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-36364, CVE-2022-41881, CVE-2023-20861, CVE-2023-20863, CVE-2023-26048, CVE-2023-26049, CVE-2023-2976, CVE-2023-34462, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900, CVE-2023-42503, CVE-2023-44981, CVE-2024-13009, CVE-2024-23454, CVE-2024-23944, CVE-2024-25710, CVE-2024-26308, CVE-2024-29131, CVE-2024-29133, CVE-2024-38808, CVE-2024-38820, CVE-2024-38827, CVE-2024-47554, CVE-2024-47561, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2025-11143, CVE-2025-22233, CVE-2025-24970, CVE-2025-25193, CVE-2025-27821, CVE-2025-41249, CVE-2025-48734, CVE-2025-48924, CVE-2025-49128, CVE-2025-52999, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-24281, CVE-2026-24308, CVE-2026-33870, CVE-2026-33871, CVE-2026-5588, ghsa-58qw-p7qm-5rvh, ghsa-72hv-8253-57qq applied in versions: 4.0.0-r0, 4.0.0-r1",
  "upstream": [
    "CVE-2018-10237",
    "CVE-2020-8908",
    "CVE-2021-22569",
    "CVE-2021-22570",
    "CVE-2022-2047",
    "CVE-2022-3171",
    "CVE-2022-3509",
    "CVE-2022-3510",
    "CVE-2022-36364",
    "CVE-2022-41881",
    "CVE-2023-20861",
    "CVE-2023-20863",
    "CVE-2023-26048",
    "CVE-2023-26049",
    "CVE-2023-2976",
    "CVE-2023-34462",
    "CVE-2023-36479",
    "CVE-2023-40167",
    "CVE-2023-41900",
    "CVE-2023-42503",
    "CVE-2023-44981",
    "CVE-2024-13009",
    "CVE-2024-23454",
    "CVE-2024-23944",
    "CVE-2024-25710",
    "CVE-2024-26308",
    "CVE-2024-29131",
    "CVE-2024-29133",
    "CVE-2024-38808",
    "CVE-2024-38820",
    "CVE-2024-38827",
    "CVE-2024-47554",
    "CVE-2024-47561",
    "CVE-2024-52046",
    "CVE-2024-6763",
    "CVE-2024-7254",
    "CVE-2024-8184",
    "CVE-2025-11143",
    "CVE-2025-22233",
    "CVE-2025-24970",
    "CVE-2025-25193",
    "CVE-2025-27821",
    "CVE-2025-41249",
    "CVE-2025-48734",
    "CVE-2025-48924",
    "CVE-2025-49128",
    "CVE-2025-52999",
    "CVE-2025-53864",
    "CVE-2025-55163",
    "CVE-2025-58056",
    "CVE-2025-58057",
    "CVE-2025-59419",
    "CVE-2025-67735",
    "CVE-2025-68161",
    "CVE-2025-8916",
    "CVE-2026-24281",
    "CVE-2026-24308",
    "CVE-2026-33870",
    "CVE-2026-33871",
    "CVE-2026-5588",
    "ghsa-58qw-p7qm-5rvh",
    "ghsa-72hv-8253-57qq"
  ]
}

cleanstart-2026-sv95049

Vulnerability from cleanstart

Published

2026-05-18 13:10

Modified

2026-05-14 06:03

Summary

Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-22569, CVE-2021-22570, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2023-2976, CVE-2023-44981, CVE-2024-23454, CVE-2024-23944, CVE-2024-38827, CVE-2024-47554, CVE-2024-6763, CVE-2024-7254, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-27821, CVE-2025-41249, CVE-2025-48734, CVE-2025-48924, CVE-2025-49128, CVE-2025-52999, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-24281, CVE-2026-24308, CVE-2026-33870, CVE-2026-33871, CVE-2026-5588, ghsa-72hv-8253-57qq applied in versions: 4.1.0-r1, 4.1.0-r2

Details

Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2018-10237	WEB
	https://osv.dev/vulnerability/CVE-2020-8908	WEB
	https://osv.dev/vulnerability/CVE-2021-22569	WEB
	https://osv.dev/vulnerability/CVE-2021-22570	WEB
	https://osv.dev/vulnerability/CVE-2022-3171	WEB
	https://osv.dev/vulnerability/CVE-2022-3509	WEB
	https://osv.dev/vulnerability/CVE-2022-3510	WEB
	https://osv.dev/vulnerability/CVE-2023-2976	WEB
	https://osv.dev/vulnerability/CVE-2023-44981	WEB
	https://osv.dev/vulnerability/CVE-2024-23454	WEB
	https://osv.dev/vulnerability/CVE-2024-23944	WEB
	https://osv.dev/vulnerability/CVE-2024-38827	WEB
	https://osv.dev/vulnerability/CVE-2024-47554	WEB
	https://osv.dev/vulnerability/CVE-2024-6763	WEB
	https://osv.dev/vulnerability/CVE-2024-7254	WEB
	https://osv.dev/vulnerability/CVE-2025-11143	WEB
	https://osv.dev/vulnerability/CVE-2025-24970	WEB
	https://osv.dev/vulnerability/CVE-2025-25193	WEB
	https://osv.dev/vulnerability/CVE-2025-27821	WEB
	https://osv.dev/vulnerability/CVE-2025-41249	WEB
	https://osv.dev/vulnerability/CVE-2025-48734	WEB
	https://osv.dev/vulnerability/CVE-2025-48924	WEB
	https://osv.dev/vulnerability/CVE-2025-49128	WEB
	https://osv.dev/vulnerability/CVE-2025-52999	WEB
	https://osv.dev/vulnerability/CVE-2025-53864	WEB
	https://osv.dev/vulnerability/CVE-2025-55163	WEB
	https://osv.dev/vulnerability/CVE-2025-58056	WEB
	https://osv.dev/vulnerability/CVE-2025-58057	WEB
	https://osv.dev/vulnerability/CVE-2025-59419	WEB
	https://osv.dev/vulnerability/CVE-2025-67735	WEB
	https://osv.dev/vulnerability/CVE-2025-68161	WEB
	https://osv.dev/vulnerability/CVE-2025-8916	WEB
	https://osv.dev/vulnerability/CVE-2026-24281	WEB
	https://osv.dev/vulnerability/CVE-2026-24308	WEB
	https://osv.dev/vulnerability/CVE-2026-33870	WEB
	https://osv.dev/vulnerability/CVE-2026-33871	WEB
	https://osv.dev/vulnerability/CVE-2026-5588	WEB
	https://osv.dev/vulnerability/ghsa-72hv-8253-57qq	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-10237	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-8908	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-22569	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-22570	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3171	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3509	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3510	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-2976	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-44981	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-23454	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-23944	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-38827	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-47554	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-6763	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-7254	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-11143	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-24970	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-25193	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-27821	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-41249	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-48734	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-48924	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-49128	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-52999	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-53864	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55163	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58056	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58057	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59419	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-67735	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68161	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-8916	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-24281	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-24308	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33870	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33871	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-5588	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "apache-hive"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.1.0-r2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-SV95049",
  "modified": "2026-05-14T06:03:08Z",
  "published": "2026-05-18T13:10:38.939090Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-SV95049.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-10237"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-8908"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-22569"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-22570"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3171"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3509"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3510"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-44981"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-23454"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-23944"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-38827"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-47554"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-6763"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-7254"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-11143"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-24970"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-25193"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-27821"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-41249"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-48734"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-49128"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-52999"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-53864"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55163"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58056"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58057"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59419"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-67735"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68161"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-8916"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-24281"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-24308"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33870"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33871"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-5588"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22570"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44981"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23454"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23944"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38827"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47554"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11143"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27821"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41249"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49128"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53864"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59419"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67735"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8916"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24281"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24308"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-22569, CVE-2021-22570, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2023-2976, CVE-2023-44981, CVE-2024-23454, CVE-2024-23944, CVE-2024-38827, CVE-2024-47554, CVE-2024-6763, CVE-2024-7254, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-27821, CVE-2025-41249, CVE-2025-48734, CVE-2025-48924, CVE-2025-49128, CVE-2025-52999, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-24281, CVE-2026-24308, CVE-2026-33870, CVE-2026-33871, CVE-2026-5588, ghsa-72hv-8253-57qq applied in versions: 4.1.0-r1, 4.1.0-r2",
  "upstream": [
    "CVE-2018-10237",
    "CVE-2020-8908",
    "CVE-2021-22569",
    "CVE-2021-22570",
    "CVE-2022-3171",
    "CVE-2022-3509",
    "CVE-2022-3510",
    "CVE-2023-2976",
    "CVE-2023-44981",
    "CVE-2024-23454",
    "CVE-2024-23944",
    "CVE-2024-38827",
    "CVE-2024-47554",
    "CVE-2024-6763",
    "CVE-2024-7254",
    "CVE-2025-11143",
    "CVE-2025-24970",
    "CVE-2025-25193",
    "CVE-2025-27821",
    "CVE-2025-41249",
    "CVE-2025-48734",
    "CVE-2025-48924",
    "CVE-2025-49128",
    "CVE-2025-52999",
    "CVE-2025-53864",
    "CVE-2025-55163",
    "CVE-2025-58056",
    "CVE-2025-58057",
    "CVE-2025-59419",
    "CVE-2025-67735",
    "CVE-2025-68161",
    "CVE-2025-8916",
    "CVE-2026-24281",
    "CVE-2026-24308",
    "CVE-2026-33870",
    "CVE-2026-33871",
    "CVE-2026-5588",
    "ghsa-72hv-8253-57qq"
  ]
}

CNVD-2026-09789

Vulnerability from cnvd - Published: 2026-01-30

Title

Apache Hadoop HDFS越界写入漏洞

Description

Apache Hadoop是一套用于在由通用硬件构建的大型集群上运行应用程序的框架。它实现了Map/Reduce编程范型，计算任务会被分割成小块（多次）运行在不同的节点上。 Apache Hadoop存在越界写入漏洞。该漏洞是由于程序未对用户输入的URI进行严格的边界检查。攻击者可利用该漏洞通过远程发送特制的恶意代码，引发客户端崩溃、数据损坏或执行任意代码。

Severity

高

Patch Name

Apache Hadoop HDFS越界写入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新: https://issues.apache.org/jira/browse/HDFS-17754

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-27821

Impacted products

Name
Apache Hadoop >=3.2.0，<3.4.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-27821",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-27821"
    }
  },
  "description": "Apache Hadoop\u662f\u4e00\u5957\u7528\u4e8e\u5728\u7531\u901a\u7528\u786c\u4ef6\u6784\u5efa\u7684\u5927\u578b\u96c6\u7fa4\u4e0a\u8fd0\u884c\u5e94\u7528\u7a0b\u5e8f\u7684\u6846\u67b6\u3002\u5b83\u5b9e\u73b0\u4e86Map/Reduce\u7f16\u7a0b\u8303\u578b\uff0c\u8ba1\u7b97\u4efb\u52a1\u4f1a\u88ab\u5206\u5272\u6210\u5c0f\u5757\uff08\u591a\u6b21\uff09\u8fd0\u884c\u5728\u4e0d\u540c\u7684\u8282\u70b9\u4e0a\u3002\n\nApache Hadoop\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u7a0b\u5e8f\u672a\u5bf9\u7528\u6237\u8f93\u5165\u7684URI\u8fdb\u884c\u4e25\u683c\u7684\u8fb9\u754c\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u8fdc\u7a0b\u53d1\u9001\u7279\u5236\u7684\u6076\u610f\u4ee3\u7801\uff0c\u5f15\u53d1\u5ba2\u6237\u7aef\u5d29\u6e83\u3001\u6570\u636e\u635f\u574f\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0:\r\nhttps://issues.apache.org/jira/browse/HDFS-17754",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-09789",
  "openTime": "2026-01-30",
  "patchDescription": "Apache Hadoop\u662f\u4e00\u5957\u7528\u4e8e\u5728\u7531\u901a\u7528\u786c\u4ef6\u6784\u5efa\u7684\u5927\u578b\u96c6\u7fa4\u4e0a\u8fd0\u884c\u5e94\u7528\u7a0b\u5e8f\u7684\u6846\u67b6\u3002\u5b83\u5b9e\u73b0\u4e86Map/Reduce\u7f16\u7a0b\u8303\u578b\uff0c\u8ba1\u7b97\u4efb\u52a1\u4f1a\u88ab\u5206\u5272\u6210\u5c0f\u5757\uff08\u591a\u6b21\uff09\u8fd0\u884c\u5728\u4e0d\u540c\u7684\u8282\u70b9\u4e0a\u3002\r\n\r\nApache Hadoop\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u7a0b\u5e8f\u672a\u5bf9\u7528\u6237\u8f93\u5165\u7684URI\u8fdb\u884c\u4e25\u683c\u7684\u8fb9\u754c\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u8fdc\u7a0b\u53d1\u9001\u7279\u5236\u7684\u6076\u610f\u4ee3\u7801\uff0c\u5f15\u53d1\u5ba2\u6237\u7aef\u5d29\u6e83\u3001\u6570\u636e\u635f\u574f\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Hadoop HDFS\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Hadoop \u003e=3.2.0\uff0c\u003c3.4.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-27821",
  "serverity": "\u9ad8",
  "submitTime": "2026-01-30",
  "title": "Apache Hadoop HDFS\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e"
}

FKIE_CVE-2025-27821

Vulnerability from fkie_nvd - Published: 2026-01-26 10:16 - Updated: 2026-01-27 20:30

Severity

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

References

	URL	Tags
	security@apache.org	https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh	Mailing List, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2026/01/23/7	Mailing List, Third Party Advisory

Impacted products

	Vendor	Product	Version
	apache	hadoop	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:hadoop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EED8AAC-78E8-4337-97C1-7C8AAB2E7376",
              "versionEndExcluding": "3.4.2",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client.\n\nThis issue affects Apache Hadoop: from 3.2.0 before 3.4.2.\n\nUsers are recommended to upgrade to version 3.4.2, which fixes the issue."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de escritura fuera de l\u00edmites en el cliente nativo de Apache Hadoop HDFS.\n\nEste problema afecta a Apache Hadoop: desde la versi\u00f3n 3.2.0 hasta antes de la 3.4.2.\n\nSe recomienda a los usuarios actualizar a la versi\u00f3n 3.4.2, que corrige el problema."
    }
  ],
  "id": "CVE-2025-27821",
  "lastModified": "2026-01-27T20:30:26.927",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-26T10:16:05.033",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2026/01/23/7"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

GHSA-92CC-952P-V8RH

Vulnerability from github – Published: 2026-01-26 12:30 – Updated: 2026-01-26 23:40

Summary

Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability

Details

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client.

This issue affects Apache Hadoop: from 3.2.0 before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Severity

7.3 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.hadoop:hadoop-hdfs-native-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.0"
            },
            {
              "fixed": "3.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-27821"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-26T23:40:20Z",
    "nvd_published_at": "2026-01-26T10:16:05Z",
    "severity": "HIGH"
  },
  "details": "Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client.\n\nThis issue affects Apache Hadoop: from 3.2.0 before 3.4.2.\n\nUsers are recommended to upgrade to version 3.4.2, which fixes the issue.",
  "id": "GHSA-92cc-952p-v8rh",
  "modified": "2026-01-26T23:40:20Z",
  "published": "2026-01-26T12:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27821"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/hadoop/pull/7481"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/hadoop/commit/2b32e46f666c7645f5d1e026be3982b99319ccb8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/hadoop"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/HDFS-17754"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/kwjhyyx0wl2z9b0mw0styjk0hhdbyplh"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/01/23/7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability "
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-27821 (GCVE-0-2025-27821)

CERTFR-2026-AVI-0500

Solutions

cleanstart-2026-sq91016

Vulnerability from cleanstart

cleanstart-2026-sv95049

Vulnerability from cleanstart

CNVD-2026-09789

FKIE_CVE-2025-27821

GHSA-92CC-952P-V8RH

Tags

Sightings

Nomenclature