nuclei-templates/vulnerabilities/other/yarn-resourcemanager-rce.yaml

26 lines
667 B
YAML

id: yarn-resourcemanager-rce
info:
name: Apache Yarn ResourceManager RCE
author: pdteam
severity: low
tags: apache,rce
description: A vulnerability in Apache Yarn ResourceManager allows remote unauthenticated users to cause the product to execute arbitrary code.
reference: https://neerajsabharwal.medium.com/hadoop-yarn-hack-9a72cc1328b6
requests:
- method: POST
path:
- '{{BaseURL}}/ws/v1/cluster/apps/new-application'
matchers-condition: and
matchers:
- type: word
words:
- application-id
- maximum-resource-capability
condition: and
- type: status
status:
- 200