High severity8.8NVD Advisory· Published Jan 21, 2025· Updated Jun 17, 2026
CVE-2024-51941
CVE-2024-51941
Description
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.
Affected products
3- Apache Software Foundation/Apache Ambariv5Range: 0
Patches
Vulnerability mechanics
References
2- www.openwall.com/lists/oss-security/2025/01/21/9nvdMailing ListVendor Advisory
- lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8jnvdVendor Advisory
News mentions
0No linked articles in our index yet.