Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) Affecting org.apache.ambari:ambari-agent package, versions [0,]
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-JAVA-ORGAPACHEAMBARI-8653223
- published22 Jan 2025
- disclosed21 Jan 2025
- credit4ra1n, h4cking2thegate
Introduced: 21 Jan 2025
NewCVE-2024-51941 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
A fix was pushed into the master branch but not yet published.
Overview
Affected versions of this package are vulnerable to Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) through the alert script execution path. An attacker with authenticated access can execute commands on the server by injecting malicious input.