Apache · Apache Hadoop · CVE-2018-8029
**Name of the Vulnerable Software and Affected Versions**
Apache Hadoop versions 2.2.0 through 2.8.4
Apache Hadoop versions 2.9.0 through 2.9.1
Apache Hadoop versions 3.0.0-alpha1 through 3.1.0
**Description**
The vulnerability stems from insufficient access control in the Apache Hadoop platform. A remote attacker can exploit it to elevate privileges to the root level and execute arbitrary code: a user who can escalate to the yarn user may be able to run arbitrary commands as the root user.
**Recommendations**
For Apache Hadoop versions 2.2.0 through 2.8.4, update to a version outside of this range to mitigate the risk.
For Apache Hadoop versions 2.9.0 through 2.9.1, update to a version outside of this range to mitigate the risk.
For Apache Hadoop versions 3.0.0-alpha1 through 3.1.0, update to a version outside of this range to mitigate the risk.
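To check a host against the three ranges above, the following added example (not part of the original advisory or of Apache Hadoop) classifies a version string, ordering pre-releases such as `3.0.0-alpha1` before the final `3.0.0`. The function names are hypothetical; it assumes upstream Apache version strings, and reports vendor or snapshot builds as `unknown` because they cannot be mapped onto these ranges by version string alone.

```python
import re

# Affected ranges exactly as listed in the advisory (both ends inclusive).
AFFECTED_RANGES = [
    ("2.2.0", "2.8.4"),
    ("2.9.0", "2.9.1"),
    ("3.0.0-alpha1", "3.1.0"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta)(\d*))?$")
_STAGE_RANK = {"alpha": 0, "beta": 1, None: 2}  # pre-releases sort before GA


def version_key(version):
    """Return a sortable tuple for an upstream Apache Hadoop version, or None
    for strings this parser does not understand (vendor builds, SNAPSHOTs)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, patch, stage, stage_num = m.groups()
    return (int(major), int(minor), int(patch),
            _STAGE_RANK[stage], int(stage_num or 0))


def classify(version):
    """Return 'affected', 'not-affected' or 'unknown' for a version string."""
    key = version_key(version)
    if key is None:
        return "unknown"  # assumption: needs manual review, not a guess
    for low, high in AFFECTED_RANGES:
        if version_key(low) <= key <= version_key(high):
            return "affected"
    return "not-affected"


def extract_version(hadoop_version_output):
    """Pull the version from the first line of `hadoop version` output,
    which has the form 'Hadoop <version>'."""
    lines = hadoop_version_output.strip().splitlines()
    if not lines:
        return None
    m = re.match(r"^Hadoop\s+(\S+)$", lines[0].strip())
    return m.group(1) if m else None
```

Feed `extract_version` the captured output of `hadoop version` and pass the result to `classify`; treat `unknown` as a prompt to check the distribution's own advisory.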