Maven package
org.alluxio/alluxio-parent
pkg:maven/org.alluxio/alluxio-parent
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-38889 | — | <= 2.9.3 | — | Aug 15, 2023 | An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String). | ||
| CVE-2020-21485 | — | <= 1.8.1 | — | Jun 20, 2023 | Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component. |
- CVE-2023-38889Aug 15, 2023affected <= 2.9.3
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String).
- CVE-2020-21485Jun 20, 2023affected <= 1.8.1
Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.