{"url":"http://public2.vulnerablecode.io/api/packages/69163?format=json","purl":"pkg:maven/org.apache.ambari.contrib.views/ambari-contrib-views@2.7.0","type":"maven","namespace":"org.apache.ambari.contrib.views","name":"ambari-contrib-views","version":"2.7.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.7.8","latest_non_vulnerable_version":"2.7.8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47136?format=json","vulnerability_id":"VCID-dyxy-xfsr-mfab","summary":"Apache Ambari: authenticated users could perform command injection to perform RCE\nMalicious code injection in Apache Ambari versions prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue.\n\nImpact:\nA Cluster Operator can manipulate the request by injecting malicious code and gain root access on the cluster's main host.","references":[{"reference_url":"https://github.com/apache/ambari","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/ambari"},{"reference_url":"https://lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z29lnvv8","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/jglww6h6ngxpo1r6r5fx7ff7z29lnvv8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50379","reference_id":"CVE-2023-50379","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50379"},{"reference_url":"https://github.com/advisories/GHSA-rghc-9fhx-h32m","reference_id":"GHSA-rghc-9fhx-h32m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rghc-9fhx-h32m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69164?format=json","purl":"pkg:maven/org.apache.ambari.contrib.views/ambari-contrib-views@2.7.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ambari.contrib.views/ambari-contrib-views@2.7.8"}],"aliases":["CVE-2023-50379","GHSA-rghc-9fhx-h32m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyxy-xfsr-mfab"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ambari.contrib.views/ambari-contrib-views@2.7.0"}