
Recently, Apache Hadoop fixed a command injection vulnerability. Since Apache Hadoop’s FileUtil.unTar API does not escape the input filename before passing it to the shell, an attacker could exploit this vulnerability to inject arbitrary...
The post CVE-2022-25168: Apache Hadoop Command Injection Vulnerability appeared first on Penetration Testing.