Description
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability.
Remediation
References
https://www.alluxio.io/download/releases/alluxio-2-7-3-release/
Related Vulnerabilities
CVE-2019-11272 Vulnerability in maven package org.springframework.security:spring-security-core
CVE-2019-10416 Vulnerability in maven package org.jenkins-ci.plugins:violation-comments-to-gitlab
CVE-2023-29471 Vulnerability in maven package com.typesafe.akka:akka-stream-kafka
CVE-2018-1000665 Vulnerability in maven package org.webjars.npm:dojo
CVE-2020-1727 Vulnerability in maven package org.keycloak:keycloak-services