The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
CPE | Name | Operator | Version |
---|---|---|---|
hadoop | eq | release-2.6.1 | |
hadoop | eq | release-2.6.5-RC1 | |
hadoop | eq | release-2.6.1-RC1 | |
hadoop | eq | rel/release-2.6.5 | |
hadoop | eq | release-2.6.1-RC0 | |
hadoop | eq | release-2.6.5-RC0 |