Описание
Apache Ambari Expression Language Injection vulnerability
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
Пакеты
Наименование
org.apache.ambari:ambari
maven
Затронутые версииВерсия исправления
>= 2.7.0, < 2.7.7
2.7.7
Связанные уязвимости
CVSS3: 8
nvd
больше 2 лет назад
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.