From securityonline.info
![CVE-2021-25642](https://cdn-0.securityonline.info/wp-content/uploads/2022/08/Hadoop-cve.png?ezimgfmt=ng%3Awebp%2Fngcb1%2Frs%3Adevice%2Frscb1-1)
Apache Hadoop recently fixed a command injection vulnerability. The flaw is present when ZKConfigurationStore is used and allows an attacker to inject arbitrary commands and thus achieve remote code execution. By sending a specially crafted request, an attacker could execute arbitrary commands as a YARN user on the system. The flaw is tracked as CVE-2021-25642 and is rated important in severity. Security researcher Liu Ximing has been credited with reporting this flaw.