Description
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
Remediation
References
https://lists.apache.org/thread/302c4hwfjy9lx63jrbhcdx948pxc54l1
Related Vulnerabilities
CVE-2023-28682 Vulnerability in maven package org.jenkins-ci.plugins:perfpublisher
CVE-2023-36471 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml
CVE-2018-11764 Vulnerability in maven package org.apache.hadoop:hadoop-core
CVE-2023-49446 Vulnerability in maven package com.jfinal:jfinal
CVE-2019-10453 Vulnerability in maven package org.jenkins-ci.plugins:delphix