id: yarn-resourcemanager-rce info: name: Apache Yarn ResourceManager RCE author: pdteam severity: low tags: apache,rce description: A vulnerability in Apache Yarn ResourceManager allows remote unauthenticated users to cause the product to execute arbitrary code. reference: https://neerajsabharwal.medium.com/hadoop-yarn-hack-9a72cc1328b6 requests: - method: POST path: - '{{BaseURL}}/ws/v1/cluster/apps/new-application' matchers-condition: and matchers: - type: word words: - application-id - maximum-resource-capability condition: and - type: status status: - 200