CVE-2022-25168: Apache Hadoop Command Injection Vulnerability
Recently, Apache Hadoop fixed a command injection vulnerability. Since Apache Hadoop’s FileUtil.unTar API does not escape the input filename before passing it to the shell, an attacker could exploit this vulnerability to inject arbitrary...
