Alluxio <=2.9.3 RCE via CommonUtils.getUnixGroups username param
CVE-2023-38889 Published on August 15, 2023

An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String).

NVD

Products Associated with CVE-2023-38889

Want to know whenever a new CVE is published for Alluxio? stack.watch will email you.

Alluxio

Exploit Probability

EPSS

0.37%

Percentile

59.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Alluxio <=2.9.3 RCE via CommonUtils.getUnixGroups username paramCVE-2023-38889 Published on August 15, 2023

Products Associated with CVE-2023-38889

Exploit Probability

Alluxio <=2.9.3 RCE via CommonUtils.getUnixGroups username param
CVE-2023-38889 Published on August 15, 2023