{"id":"GHSA-wx8q-4gm9-rj2g","summary":"Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime","details":"### Impact\nOS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to unauthorized access, modification or deletion of data.\n\n### Patches\nFor users who're using version \u003c 0.9.3 with JuicefsRuntimeļ¼Œ upgrade to v0.9.3.\n\n### References\n_Are there any links users can visit to find out more?_\n\n### Credits\n\nSpecial thanks to the discovers of this issue:\n\nXiaozheng Zhang [xiaozheng_zhang@outlook.com](xiaozheng_zhang@outlook.com)","aliases":["CVE-2023-51699","GO-2024-2644"],"modified":"2025-04-09T19:58:59Z","published":"2024-03-15T16:35:11Z","related":["CVE-2023-51699"],"database_specific":{"severity":"MODERATE","github_reviewed":true,"cwe_ids":["CWE-78"],"github_reviewed_at":"2024-03-15T16:35:11Z","nvd_published_at":"2024-03-15T19:15:06Z"},"references":[{"type":"WEB","url":"https://github.com/fluid-cloudnative/fluid/security/advisories/GHSA-wx8q-4gm9-rj2g"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-51699"},{"type":"WEB","url":"https://github.com/fluid-cloudnative/fluid/commit/02b7cd8b79a26092df95d625664994bda485c722"},{"type":"WEB","url":"https://github.com/fluid-cloudnative/fluid/commit/e0184cff8790ad000c3e8943392c7f544fad7d66"},{"type":"PACKAGE","url":"https://github.com/fluid-cloudnative/fluid"}],"affected":[{"package":{"name":"github.com/fluid-cloudnative/fluid","ecosystem":"Go","purl":"pkg:golang/github.com/fluid-cloudnative/fluid"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.9.3"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-wx8q-4gm9-rj2g/GHSA-wx8q-4gm9-rj2g.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N"}]}