Description
SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
No analysis available yet.
Remediation
No remediation available yet.
Advisories
| Source | ID | Title |
|---|---|---|
| EUVD | EUVD-2023-2093 | SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. |
| Github GHSA | GHSA-m384-pj54-5vr2 | Apache Ambari Expression Language Injection vulnerability |
References
History
Fri, 04 Oct 2024 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc |
Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-10-04T13:49:38.984Z
Reserved: 2022-10-02T08:56:54.293Z
Link: CVE-2022-42009
Updated: 2024-08-03T12:56:39.252Z
Status: Modified
Published: 2023-07-12T10:15:09.447
Modified: 2026-06-17T05:04:14.033
Link: CVE-2022-42009
No data.
OpenCVE Enrichment
No data.
Weaknesses
- CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')