CVE-2022-38305
Published 2022-09-13
Priority: P3 · 49 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.95% (56.7th percentile)
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aerocms_project | aerocms | — | — |
| apache | hadoop | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vendor_apache | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
GHSA (ghsa_unreviewed · 2022-09-14)
CVE-2022-38305 [HIGH] CWE-434 GHSA-x83r-6vrr-539w: AeroCMS v0
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
GHSA (ghsa · 2022-08-05)
CVE-2022-25168 [CRITICAL] CWE-78 Apache Hadoop argument injection vulnerability
Apache Hadoop's `FileUtil.unTar(File, File)` API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which vers
Red Hat (vendor_redhat · 2022-08-08 · CVSS 9.8)
CVE-2022-25168 [CRITICAL] CWE-88 hadoop: Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed,
Apache (vendor_apache · CVSS 9.8)
CVE-2022-25168 [CRITICAL] Apache hadoop: CVE-2022-25168
Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop li
No detection rules found.
No public exploits indexed.
Published: 2022-09-13