3 matches found
CVE-2022-23848
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability...
fr.jetoile.hadoop:hadoop-unit-client-alluxio (>=2.2 <=3.8), io.minio:spark-benchmarks-dfsio_2.11 (=0.2.0) +57 more potentially affected by CVE-2022-23848 via org.alluxio:alluxio-core-common (>=1.0.0 <=2.7.2)
org.alluxio:alluxio-core-common MAVEN version =1.0.0, =2.2, =1.0.0, =1.5.0, =1.8.2, =1.1.0, =1.5.0, =1.5.0, =1.0.0, =1.5.0, =1.0.0, =1.5.0, =1.8.2, =1.8.2, =295 and more Source cves: CVE-2022-23848 Source advisory: OSV:GHSA-J3CH-VJPH-8Q6V...
CVE-2022-23848
In CVE-2022-23848, Alluxio before 2.7.3 does not validate the input stream in the logserver, which could allow malformed data handling to affect logging behavior or control flow. The NVD metrics indicate a high-severity, network-exposed issue with potential impact to confidentiality, integrity, a...