Miggo Logo

CVE-2018-8009: Path Traversal in Hadoop

8.8

CVSS Score
3.0

Basic Information

EPSS Score
0.91972%
Published
12/21/2018
Updated
3/4/2024
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.hadoop:hadoop-mainmaven= 3.1.03.1.1
org.apache.hadoop:hadoop-mainmaven>= 3.0.0, < 3.0.33.0.3
org.apache.hadoop:hadoop-mainmaven>= 2.9.0, < 2.9.22.9.2
org.apache.hadoop:hadoop-mainmaven>= 2.8.0, < 2.8.52.8.5
org.apache.hadoop:hadoop-mainmaven< 2.7.72.7.7

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper path validation during archive extraction. The commit diff shows critical security checks were added to both unZip and unpackEntries functions to prevent path traversal via canonical path validation. The CVE description explicitly references zip file handling as the attack vector, and the added test cases (testUnZip2) demonstrate exploitation attempts using '../' paths. These functions were directly modified in the patch to address the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** ***oop *.*.*, *.*.*-*lp** to *.*.*, *.*.* to *.*.*, *.*.* to *.*.*, *.*.*-*lp** to *.*.*, *.**.* to *.**.** is *xploit**l* vi* t** zip slip vuln*r**ility in pl***s t**t ****pt * zip *il*.

Reasoning

T** vuln*r**ility st*ms *rom improp*r p*t* v*li**tion *urin* *r**iv* *xtr**tion. T** *ommit *i** s*ows *riti**l s**urity ****ks w*r* ***** to *ot* unZip *n* unp**k*ntri*s *un*tions to pr*v*nt p*t* tr*v*rs*l vi* **noni**l p*t* v*li**tion. T** *V* **s*