Alluxio/alluxio

Releases162

Frequency3 weeks 5 days

Last Release almost 2 years ago

Stars7.2K

Alluxio, data orchestration for analytics and machine learning in the cloud

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-38889 ↗	Aug 15, 2023Tuesday, 15 August 2023, 17:15	9.8 CRITICAL	—
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String).
CVE-2020-21485 ↗	Jun 20, 2023Tuesday, 20 June 2023, 15:15	6.1 MEDIUM	—
Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.