Member since 10-20-2017
1 Post, 0 Kudos Received, 0 Solutions
08-09-2022 01:16 AM
Hello, I would like to know if this CVE, which impacts Apache Hadoop, is already resolved in HDP or CDP products?

Apache Hadoop’s FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands.

Versions affected: 2.0.0 to 2.10.1, 3.0.0-alpha1 to 3.2.3, 3.3.0 to 3.3.2

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25168

And, do we have any precautions other than upgrading? Thanks in advance for your help.
Labels: Apache Hadoop
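
The bug class the post describes (a file name reaching a shell without escaping) can be modelled without running anything. The following is an added example, not part of the original post and not Hadoop's code: the function names, the single-quote wrapping in the naive builder and the sample names are assumptions made for illustration.

```python
import shlex


def naive_untar_command(archive, dest):
    # Model of the flaw (assumed form): names are wrapped in single quotes,
    # but a quote inside the name is not escaped and can end the quoting early.
    return "cd '" + dest + "' && tar -xf '" + archive + "'"


def quoted_untar_command(archive, dest):
    # Same command with every name escaped so it is exactly one shell word.
    return "cd " + shlex.quote(dest) + " && tar -xf " + shlex.quote(archive)


def shell_words(command):
    # Tokenise the string the way a POSIX shell would, without executing it.
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    lex.commenters = ""
    return list(lex)


def name_stays_one_argument(builder, archive, dest):
    # True only when the built command is exactly: cd <dest> && tar -xf <archive>
    expected = ["cd", dest, "&&", "tar", "-xf", archive]
    return shell_words(builder(archive, dest)) == expected


# Constructed sample names: ordinary, containing a space, containing a quote.
SAMPLES = ["data.tar", "my data.tar", "data.tar'; echo INJECTED; '"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(repr(name),
              "naive:", name_stays_one_argument(naive_untar_command, name, "/tmp/out"),
              "quoted:", name_stays_one_argument(quoted_untar_command, name, "/tmp/out"))
```

The naive builder passes for ordinary names and names with spaces, which is why this kind of defect survives routine testing; only a name containing a quote character exposes it.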