{"id":"CVE-2017-3161","details":"The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.","aliases":["GHSA-qm7f-r83w-3p46"],"modified":"2026-04-10T04:00:08.342907Z","published":"2017-04-26T20:59:00.213Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r127f75748fcabc63bc5a1bec6885753eb9b2bed803b6ed7bd46f965b%40%3Cuser.hadoop.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd6f379ab33e072a%40%3Cuser.flink.apache.org%3E"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98025"},{"type":"ADVISORY","url":"https://s.apache.org/4MQm"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/hadoop","events":[{"introduced":"0"},{"last_affected":"e8c9fe0b4c252caf2ebf1464220599650f119997"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.6.5"}]}}],"versions":["rel/release-2.6.5","release-2.6.1","release-2.6.1-RC0","release-2.6.1-RC1","release-2.6.5-RC0","release-2.6.5-RC1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3161.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}