Description
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
Remediation
References
https://lists.apache.org/thread/302c4hwfjy9lx63jrbhcdx948pxc54l1
Related Vulnerabilities
CVE-2023-27899 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-8010 Vulnerability in maven package org.apache.solr:solr-core
CVE-2023-40185 Vulnerability in npm package shescape
CVE-2019-10370 Vulnerability in maven package org.jenkins-ci.plugins:mask-passwords
CVE-2020-6541 Vulnerability in maven package org.webjars.npm:electron