The vulnerability involves Spring Expression Language (SpEL) injection in the server agent. `AgentResource.handleRegister` is the primary entry point for agent registration, where host information is processed. SpEL injection typically occurs when user-controlled input is evaluated with `StandardEvaluationContext` (which allows full code execution) rather than the restricted `SimpleEvaluationContext`. The authenticated nature of the attack aligns with agent registration requiring authentication. While exact patch details are unavailable, this pattern matches the vulnerability description and Spring security best practices for SpEL evaluation contexts.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.ambari:ambari | maven | >= 2.7.0, < 2.7.7 | 2.7.7 |
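
The difference between the two evaluation contexts named in the analysis above, as an added example (not Ambari's code and not taken from the patch): the same input strings are evaluated under `StandardEvaluationContext` and under a read-only `SimpleEvaluationContext`. `HostInfo`, the host name and both input strings are constructed for illustration, and `spring-expression` is assumed to be on the classpath.

```java
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

public class SpelContextDemo {
    // Hypothetical stand-in for host data sent at registration (not Ambari's type).
    public static class HostInfo {
        private final String hostName;
        public HostInfo(String hostName) { this.hostName = hostName; }
        public String getHostName() { return hostName; }
    }

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Risky pattern: request-supplied text is parsed as an expression and
    // evaluated with a context that resolves types, constructors and methods.
    static Object evaluateUnrestricted(String expr, HostInfo root) {
        EvaluationContext ctx = new StandardEvaluationContext(root);
        return PARSER.parseExpression(expr).getValue(ctx);
    }

    // Restricted pattern: read-only property access on the root object;
    // type references, constructors and bean references are not available.
    static Object evaluateRestricted(String expr, HostInfo root) {
        EvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        return PARSER.parseExpression(expr).getValue(ctx, root);
    }

    public static void main(String[] args) {
        HostInfo host = new HostInfo("node1.example.internal"); // constructed sample
        // Constructed inputs: a plain property read and a harmless type reference.
        String[] inputs = {"hostName", "T(java.lang.System).getProperty('java.version')"};
        for (String expr : inputs) {
            System.out.println("expr: " + expr);
            System.out.println("  StandardEvaluationContext -> " + evaluateUnrestricted(expr, host));
            try {
                System.out.println("  SimpleEvaluationContext   -> " + evaluateRestricted(expr, host));
            } catch (SpelEvaluationException e) {
                System.out.println("  SimpleEvaluationContext rejected: " + e.getMessageCode());
            }
        }
    }
}
```

The restricted context narrows what an expression can reach; keeping request data out of `parseExpression` altogether, and passing it only as the root object of a fixed expression, removes the injection point itself.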