Vulnerability Details : CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String).
Vulnerability category: Execute code
Products affected by CVE-2023-38889
We don't have affected product information for this CVE yet
Exploit prediction scoring system (EPSS) score for CVE-2023-38889
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
References for CVE-2023-38889
-
https://github.com/Alluxio/alluxio/issues/17766
There's code injection vulnerability of alluxio.util.CommonUtils.getUnixGroups · Issue #17766 · Alluxio/alluxio · GitHub
Jump to