Apache · Apache Hadoop · CVE-2016-5393
**Name of the Vulnerable Software and Affected Versions**
Apache Hadoop versions 2.6.x through 2.6.4
Apache Hadoop versions 2.7.x through 2.7.2
**Description**
A remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.
**Recommendations**
For Apache Hadoop versions 2.6.x through 2.6.4, update to version 2.6.5 or later.
For Apache Hadoop versions 2.7.x through 2.7.2, update to version 2.7.3 or later.