Description
In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is incomplete. A user who can escalate to yarn user can possibly run arbitrary commands as root user.
Remediation
References
http://www.securityfocus.com/bid/106035
https://lists.apache.org/thread.html/ff37bbbe09d5f03090e2dd2c3dea95de16ef4249e731f19b8959ce4c%40%3Cgeneral.hadoop.apache.org%3E
Related Vulnerabilities
CVE-2022-35915 Vulnerability in npm package openzeppelin-eth
CVE-2012-0394 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2021-21430 Vulnerability in maven package org.openapitools:openapi-generator-project
CVE-2023-35147 Vulnerability in maven package org.jenkins-ci.plugins:aws-codecommit-trigger