Description
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String).
Remediation
References
https://github.com/Alluxio/alluxio/issues/17766
Related Vulnerabilities
CVE-2018-1002204 Vulnerability in maven package org.webjars.npm:adm-zip
CVE-2018-14042 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap
CVE-2022-33891 Vulnerability in maven package org.apache.spark:spark-core_2.13
CVE-2022-25349 Vulnerability in maven package org.webjars.npm:materialize-css
CVE-2021-21428 Vulnerability in maven package org.openapitools:openapi-generator-online