SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
                
            References
                    | Link | Resource | 
|---|---|
| https://lists.apache.org/thread/302c4hwfjy9lx63jrbhcdx948pxc54l1 | Vendor Advisory | 
| https://lists.apache.org/thread/302c4hwfjy9lx63jrbhcdx948pxc54l1 | Vendor Advisory | 
Configurations
                    History
                    No history.
Information
                Published : 2023-07-12 10:15
Updated : 2024-11-21 07:29
NVD link : CVE-2022-45855
Mitre link : CVE-2022-45855
CVE.ORG link : CVE-2022-45855
JSON object : View
Products Affected
                apache
- ambari
CWE
                
                    
                        
                        CWE-917
                        
            Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
