Advisories for Maven/Org.apache.ambari/Ambari-Client package

2023

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.

2021

Cross-site Scripting

A cross-site scripting issue was found in Apache Ambari Views.