From the provided image, we can summarize some key information about Hadoop vulnerabilities, particularly the two with the highest CVSS scores, CVE-2023-26031 and CVE-2023-26253.

### CVE-2023-26031: Privilege Escalation

- **Description**: This vulnerability is due to a flaw in the Linux Container Executor binary in Apache Hadoop. A local attacker can exploit this to gain root privileges.
- **Impact**: Privilege escalation on systems running the affected versions.
- **Affected Versions**: Hadoop versions from 2.3.0 to 2.7.7 and 2.8.0 to 2.9.2 are affected.
- **Recommendations**: Upgrade to Hadoop 3.3.5 or later versions, which do not include JMSAppender in the Log4j configuration.

### CVE-2023-26253: Remote Code Execution

- **Description**: This vulnerability is due to a flaw in the way Hadoop YARN deserializes data obtained from ZooKeeper. An attacker with access to ZooKeeper can exploit this to run arbitrary commands as the YARN user.
- **Impact**: Remote code execution on the YARN master node.
- **Affected Versions**: Hadoop versions from 2.8.0 to 2.9.1 and 3.0.0-alpha1 to 3.0.0, 3.0.1, 3.1.0 and 3.2.0 are affected.
- **Recommendations**: Upgrade to a fixed version which serializes/deserializes data safely.

The provided markdown text outlines the critical vulnerabilities and their impact on systems running Apache Hadoop. It also provides recommendations for mitigation and the affected versions of Hadoop. For CVE-2023-26031, upgrading to the fixed version (Hadoop 3.3.5 or later) is recommended, while for CVE-2023-26253, the recommendation is to upgrade to a fixed version which serializes/deserializes data safely.