[MAVEN:GHSA-P7W2-784M-QPQ9] Apache Ambari Expression Language Injection vulnerability

Severity High
Affected Packages 1
Fixed Packages 1
CVEs 1

SpringEL injection in the metrics source in Apache Ambari versions 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

| Package | Affected Version |
| --- | --- |
| pkg:maven/org.apache.ambari/ambari | >= 2.7.0, < 2.7.7 |

| Package | Fixed Version |
| --- | --- |
| pkg:maven/org.apache.ambari/ambari | = 2.7.7 |

ID: MAVEN:GHSA-P7W2-784M-QPQ9
Severity: high
URL: https://github.com/advisories/GHSA-p7w2-784m-qpq9
Published: 2023-07-12T12:31:35 (14 months ago)
Modified: 2023-11-07T05:05:14 (10 months ago)
Rights: Maven Security Team

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | pkg:maven/org.apache.ambari/ambari | org.apache.ambari | ambari | >= 2.7.0 < 2.7.7 | | | |
| Fixed | pkg:maven/org.apache.ambari/ambari | org.apache.ambari | ambari | = 2.7.7 | | | |