Описание
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
Ссылки
- Mailing ListVendor Advisory
- Third Party AdvisoryVDB Entry
- Mailing ListVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:sentry:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:sentry:1.6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00713
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
EPSS
Процентиль: 72%
0.00713
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-284