Lucene search
GitHub Advisory DatabaseGHSA-M384-PJ54-5VR2HistoryJul 12, 2023 - 12:31 p.m.
Apache Ambari Expression Language Injection vulnerability
2023-07-1212:31:35
CWE-917
GitHub Advisory Database
github.com
9
apache ambari
springel
injection
vulnerability
upgrade
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
17.6%
SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
Affected configurations
Node
org.apache.ambari\Matchambari
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.ambari:ambari | lt | 2.7.7 |
Related
nvd
nvd
CVE-2022-42009
2023-07-12 10:15:09
osv
osv
Apache Ambari Expression Language Injection vulnerability
2023-07-12 12:31:35
CVE-2022-42009
2023-07-12 10:15:09
cve
cve
CVE-2022-42009
2023-07-12 10:15:09
cvelist
cvelist
veracode
veracode
Arbitrary Code Injection
2023-07-17 10:12:07
prion
prion
Sql injection
2023-07-12 10:15:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
17.6%
Related for GHSA-M384-PJ54-5VR2