Description
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
Remediation
References
https://lists.apache.org/thread/7ctchj24dofgsj9g1rg1245cms9myb34
Related Vulnerabilities
CVE-2017-3161 Vulnerability in maven package org.apache.hadoop:hadoop-hdfs
CVE-2023-4043 Vulnerability in maven package org.eclipse.parsson:parsson
CVE-2023-41887 Vulnerability in maven package org.openrefine:database
CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-standalone