Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Elasticsearch-hadoop Unsafe Deserialization
Vulnerability Description
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Elasticsearch-hadoop 代码问题漏洞
Vulnerability Description
Elasticsearch是一个基于Lucene库的搜索引擎。 Elasticsearch-hadoop存在安全漏洞,该漏洞源于hadoop或spark配置属性中的java对象存在反序列化漏洞。受影响的产品和版本:Elasticsearch-hadoop 7.17.11 之前版本,8.0.0至8.9.0之前版本。
CVSS Information
N/A
Vulnerability Type
N/A