RE: Backward Compatibility for HDFS 2.7.3

2022-08-04 Thread Deepti Sharma S
Hello Hema & team, Can you please help with the below query? This is a little urgent for us. Regards, Deepti Sharma PMP® & ITIL From: Deepti Sharma S Sent: Thursday, August 4, 2022 9:50 AM To: Hema Kumar Cc: user@hadoop.apache.org; Deepak Nangia ; hdfs-...@hadoop.apache.org Subject: RE: Backward Co

CVE-2022-25168: Apache Hadoop: Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar

2022-08-04 Thread Masatake Iwasaki
Severity: important

Versions affected: 2.0.0 to 2.10.1, 3.0.0-alpha to 3.2.3, 3.3.0 to 3.3.2

Description: Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop