CVE-2017-7669: Improper Input Validation

June 5, 2017 (updated June 9, 2017)

In Apache Hadoop, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.

References

www.securityfocus.com/bid/98795
nvd.nist.gov/vuln/detail/CVE-2017-7669

Code Behaviors & Features

Detect and mitigate CVE-2017-7669 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →