44 matches found
EUVD-2026-4194
Malicious code in @alluxio/common-ui npm...
Malicious code in @alluxio/common-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f082b7a72d74e881f10d6e0f01c1aef7a0a07b0f446d5a9d31a4763ffed2ed8 The package @alluxio/common-ui was found to contain malicious code. Source: ghsa-malware...
MAL-2026-451 Malicious code in @alluxio/common-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f082b7a72d74e881f10d6e0f01c1aef7a0a07b0f446d5a9d31a4763ffed2ed8 The package @alluxio/common-ui was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview @alluxio/common-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2022-1063
Malicious code in bioql PyPI...
EUVD-2023-2382
Malicious code in bioql PyPI...
EUVD-2023-1661
Malicious code in bioql PyPI...
CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroupsjava.lang.String...
CVE-2022-23848
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability...
CVE-2020-21485
Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component...
Arbitrary Code Execution
org.alluxio:alluxio-core-common is vulnerable to Arbitrary Code Execution. The vulnerability is due to the lluxio.util.CommonUtils.getUnixGroups method which improperly sanitizes the shell command which is used to get the Unix groups of a user. This allows an attacker to inject arbitrary code int...
GHSA-XRRH-H86W-PWFJ Alluxio vulnerable to arbitrary code execution
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroupsjava.lang.String...
Alluxio vulnerable to arbitrary code execution
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroupsjava.lang.String...
CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroupsjava.lang.String...
CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroupsjava.lang.String...
CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroupsjava.lang.String...
Design/Logic Flaw
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroupsjava.lang.String...
CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroupsjava.lang.String...
CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroupsjava.lang.String...
CVE-2023-38889
Alluxio CVE-2023-38889 affects v2.9.3 and earlier. The issue stems from lluxio.util.CommonUtils.getUnixGroups(java.lang.String) where the shell command is not properly sanitized, enabling an attacker to execute arbitrary code via a crafted username parameter. Public references describe the vulner...