Arbitrary Command Execution Vulnerability in Apache Hadoop

CVE-2021-33036 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to the yarn user can possibly run arbitrary commands as the root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
