{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0.23.0" }, { "last_affected": "0.23.11" }, { "introduced": "2.0.0" }, { "last_affected": "2.7.6" }, { "introduced": "2.8.0" }, { "last_affected": "2.8.4" }, { "introduced": "2.9.0" }, { "last_affected": "2.9.1" }, { "introduced": "3.0.0" }, { "last_affected": "3.0.2" }, { "introduced": "0" }, { "last_affected": "2.0.0-alpha" }, { "introduced": "0" }, { "last_affected": "3.0.0-alpha1" }, { "introduced": "0" }, { "last_affected": "3.0.0-alpha2" }, { "introduced": "0" }, { "last_affected": "3.0.0-alpha3" }, { "introduced": "0" }, { "last_affected": "3.0.0-alpha4" }, { "introduced": "0" }, { "last_affected": "3.0.0-beta1" }, { "introduced": "0" }, { "last_affected": "3.1.0" } ] }, "events": [ { "introduced": "9f6e30b5abcbb10a37c751d71ee9bd304817db32" }, { "last_affected": "03898292180fa8dd4dbb2179bc015acf4b933c60" }, { "introduced": "0" }, { "last_affected": "085099c66cf28be31604560c376fa282e69282b8" }, { "introduced": "91f2b7a13d1e97be65db92ddabc627cc29ac0009" }, { "last_affected": "17e75c2a11685af3e043aa5e604dc831e5b14674" }, { "introduced": "756ebc8394e473ac25feac05fa493f6d612e6c50" }, { "last_affected": "e30710aea4e6e55e69372929106cf119af06fd0e" }, { "introduced": "c25427ceca461ee979d30edd7a4b0f50718e6533" }, { "last_affected": "5c141f7c0f24c12cb8704a6ccc1ff8ec991f41ee" }, { "introduced": "0" }, { "last_affected": "da30cf664ccc99a54059eb6b9ffa73dc68a95ed2" }, { "introduced": "0" }, { "last_affected": "a990d2ebcd6de5d7dc2d3684930759b0f0ea4dc3" }, { "introduced": "0" }, { "last_affected": "1337ef4eef14fbbb214e71b68b7eb07061a4a212" }, { "introduced": "0" }, { "last_affected": "7c0489beb9fdf12e223a9e57779d3fef765a44d2" }, { "introduced": "0" }, { "last_affected": "e324cf8a2a6e55e996414ff281fee757f09d8172" }, { "introduced": "0" }, { "last_affected": "1002c582d86ae8689c497c3d31b73f1ab92d5e29" }, { "introduced": "0" }, { "last_affected": "16b70619a24cdcf5d3b0fcf4b58ca77238ccbe6d" } ], "repo": "https://github.com/apache/hadoop", "type": "GIT" } ] } ], "details": "Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.", "id": "CVE-2018-8009", "modified": "2026-04-01T23:09:48.820416811Z", "published": "2018-11-13T21:29:00.417Z", "references": [ { "type": "WEB", "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/a1c227745ce30acbcf388c5b0cc8423e8bf495d619cd0fa973f7f38d%40%3Cuser.hadoop.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r4dddf1705dbedfa94392913b2dad1cd2d1d89040facd389eea0b3510%40%3Ccommits.druid.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rb21df54a4e39732ce653d2aa5672e36a792b59eb6717f2a06bb8d02a%40%3Ccommits.druid.apache.org%3E" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/105927" }, { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "type": "ADVISORY", "url": "https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop" }, { "type": "EVIDENCE", "url": "https://snyk.io/research/zip-slip-vulnerability" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }