Alluxio

alluxio

Vendor: Alluxio • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-38889 1Alluxio 1Alluxio Jun 17, 2026 Aug 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String).
CVE-2020-21485 1Alluxio 1Alluxio Jun 17, 2026 Jun 20, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.
CVE-2022-23848 1Alluxio 1Alluxio Jun 17, 2026 Feb 20, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability.