Description
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
Remediation
References
https://lists.apache.org/thread/302c4hwfjy9lx63jrbhcdx948pxc54l1
Related Vulnerabilities
CVE-2022-34211 Vulnerability in maven package org.jenkins-ci.plugins:vmware-vrealize-orchestrator
CVE-2020-7961 Vulnerability in maven package com.liferay.portal:portal-impl
CVE-2022-35924 Vulnerability in npm package next-auth
CVE-2023-29529 Vulnerability in npm package matrix-js-sdk
CVE-2020-1695 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs