Description
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String).
Remediation
References
https://github.com/Alluxio/alluxio/issues/17766
Related Vulnerabilities
CVE-2016-4437 Vulnerability in maven package org.apache.shiro:shiro-core
CVE-2023-29014 Vulnerability in maven package io.goobi.viewer:viewer-core
CVE-2012-5784 Vulnerability in maven package axis:axis
CVE-2017-16089 Vulnerability in npm package serverlyr
CVE-2023-44487 Vulnerability in maven package org.eclipse.jetty.http2:http2-common