Описание
Command injection in Alluxio
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability.
Пакеты
Наименование
org.alluxio:alluxio-core-common
maven
Затронутые версииВерсия исправления
< 2.7.3
2.7.3
Связанные уязвимости
CVSS3: 9.8
nvd
почти 4 года назад
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability.