漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Elasticsearch-hadoop Unsafe Deserialization
Vulnerability Description
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Elasticsearch-hadoop 代码问题漏洞
Vulnerability Description
Elasticsearch是一个基于Lucene库的搜索引擎。 Elasticsearch-hadoop存在安全漏洞,该漏洞源于hadoop或spark配置属性中的java对象存在反序列化漏洞。受影响的产品和版本:Elasticsearch-hadoop 7.17.11 之前版本,8.0.0至8.9.0之前版本。
CVSS Information
N/A
Vulnerability Type
N/A