3 matches found
CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroupsjava.lang.String...
CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroupsjava.lang.String...
CVE-2023-38889
Alluxio CVE-2023-38889 affects v2.9.3 and earlier. The issue stems from lluxio.util.CommonUtils.getUnixGroups(java.lang.String) where the shell command is not properly sanitized, enabling an attacker to execute arbitrary code via a crafted username parameter. Public references describe the vulner...