OS Command Injection
Description
hadoop-common is vulnerable to OS command injection. The FileUtil.unTar(File, File) API does not sanitize the input file name before passing it to the shell, which allows an attacker to supply a malicious file name and inject arbitrary commands.
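The weak pattern described above, next to a hardened form, as an added example that is not Hadoop's own code. It assumes a POSIX system with sh and printf on the PATH; printf stands in for tar so the demo shows how the file name is tokenized without needing an archive, and the class name, method names and file name are constructed for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class UntarInjectionDemo {

    // Runs a command and returns its combined stdout/stderr as text.
    static String run(List<String> command) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(command).redirectErrorStream(true).start();
        String out = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        p.waitFor();
        return out;
    }

    // Weak pattern: the file name is concatenated into a string that a shell
    // parses, so metacharacters in the name are treated as shell syntax.
    // printf (stand-in for tar) prints each argument it receives in brackets.
    static String viaShell(String fileName) throws IOException, InterruptedException {
        return run(List.of("sh", "-c", "printf '[%s]\\n' " + fileName));
    }

    // Hardened pattern: no shell is involved. The file name is passed as
    // exactly one argv element, whatever characters it contains.
    static String viaArgv(String fileName) throws IOException, InterruptedException {
        return run(List.of("printf", "[%s]\\n", fileName));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample name containing a shell command separator.
        String name = "backup.tar; echo INJECTED";

        System.out.println("Shell string (name is re-parsed by sh):");
        System.out.print(viaShell(name));

        System.out.println("Argument list (name stays one argument):");
        System.out.print(viaArgv(name));
    }
}
```

In the shell-string case the stand-in program receives only part of the name and the remainder runs as a separate command; in the argument-list case it receives the full name as a single bracketed argument.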