Description
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
Remediation
References
https://lists.apache.org/thread/302c4hwfjy9lx63jrbhcdx948pxc54l1
Related Vulnerabilities
CVE-2020-9482 Vulnerability in maven package org.apache.nifi.registry:nifi-registry-web-api
CVE-2020-1942 Vulnerability in maven package org.apache.nifi:nifi-web-security
CVE-2022-24947 Vulnerability in maven package org.apache.jspwiki:jspwiki-main
CVE-2019-1003082 Vulnerability in maven package org.jenkins-ci.plugins:gearman-plugin
CVE-2010-3718 Vulnerability in maven package org.apache.tomcat:catalina