Skip to main content

Alluxio

2 CVEs product

Monthly

CVE-2023-38889 Maven CRITICAL POC Act Now

An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Alluxio
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-23848 Maven CRITICAL PATCH Act Now

In Alluxio before 2.7.3, the logserver does not validate the input stream. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Alluxio
NVD
CVSS 3.1
9.8
EPSS
1.2%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Alluxio
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In Alluxio before 2.7.3, the logserver does not validate the input stream. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Alluxio
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy