Apache Hadoop Remote Code Execution Vulnerability (CVE-2022-25168) Alert

August 16, 2022

Overview Recently, NSFOCUS CERT found that Apache Hadoop officially fixed a command injection vulnerability. Since Apache Hadoop’s FileUtil.unTar API does not escape the input filename before passing it to the shell, an attacker could exploit this vulnerability to inject arbitrary commands and thus achieve remote code execution. Affected users are recommended to take steps to […]


Subscribe to the NSFOCUS Blog