org.apache.ambari:ambari 1.7.0.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.ambari:ambari package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Information Exposure Affected versions of this package are vulnerable to Information Exposure due to including KDC administrator passwords on the `kadmin` command line, which allows local users to obtain sensitive information via a process listing. How to fix Information Exposure? A fix was pushed into the `master` branch but not yet published.	[0,)
H Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection'). SpringEL injection in the server agent allows a malicious authenticated user to execute arbitrary code remotely. How to fix Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')? A fix was pushed into the `master` branch but not yet published.	[0,)
H Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection'). SpringEL injection in the metrics source, allows a malicious authenticated user to execute arbitrary code remotely. How to fix Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')? A fix was pushed into the `master` branch but not yet published.	[0,)

Vulnerability

Vulnerable Version

Information Exposure

Affected versions of this package are vulnerable to Information Exposure due to including KDC administrator passwords on the kadmin command line, which allows local users to obtain sensitive information via a process listing.

How to fix Information Exposure?

A fix was pushed into the master branch but not yet published.

[0,)

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection'). SpringEL injection in the server agent allows a malicious authenticated user to execute arbitrary code remotely.

How to fix Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')?

A fix was pushed into the master branch but not yet published.

[0,)

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection'). SpringEL injection in the metrics source, allows a malicious authenticated user to execute arbitrary code remotely.

How to fix Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')?

A fix was pushed into the master branch but not yet published.

[0,)

org.apache.ambari:ambari@1.7.0.0 vulnerabilities

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?