3 results (0.002 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String). Un problema en Alluxio v.2.9.3 y anteriores permite a un atacante ejecutar código arbitrario a través de un script manipulado en el parámetro username de lluxio.util.CommonUtils.getUnixGroups(java.lang.String). • https://github.com/Alluxio/alluxio/issues/17766 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component. • https://github.com/Alluxio/alluxio/issues/10552 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability. En Alluxio versiones anteriores a 2.7.3, el servidor de registros no comprueba el flujo de entrada. NOTA: esto no es lo mismo que la vulnerabilidad CVE-2021-44228 de Log4j • https://www.alluxio.io/download/releases/alluxio-2-7-3-release •