Apache CloudStack is an open-source cloud computing platform. The vulnerability affects the improper control of code generation in certain APIs, allowing attackers to inject malicious code and potentially execute arbitrary commands on the server.
You're affected if you use Apache CloudStack versions from 4.18.0 up to but not including 4.20.2, or from 4.21.0 up to but not including 4.22.0. Check with: grep "cloudstack" /var/log/apache2/error.log (Note: this command is specific to Ubuntu-based systems and may need to be adjusted for other distributions.)
This is Apache CloudStack, NOT OpenStack or OpenNebula.
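The two affected ranges above are easy to misjudge by eye (4.20.2 and 4.22.0 are fixed, 4.20.1 and 4.21.x are not). The following added example, which is not part of the original advisory or of the CloudStack project, encodes those ranges as inclusive-lower / exclusive-upper bounds and checks version strings against them; the sample inventory at the bottom is constructed.

```python
"""Check Apache CloudStack version strings against the advisory's affected ranges:
4.18.0 <= v < 4.20.2, or 4.21.0 <= v < 4.22.0 (added example, not project code)."""
import re
from typing import Dict, Tuple

# (inclusive lower bound, exclusive upper bound) as stated in the advisory
AFFECTED_RANGES = (
    ("4.18.0", "4.20.2"),
    ("4.21.0", "4.22.0"),
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '4.19.1.0', 'v4.20.0' or '4.20.0-SNAPSHOT' into a comparable tuple.
    A pre-release suffix is ignored; missing components compare as 0."""
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))  # pad so 4.20 == 4.20.0.0


def is_affected(version: str) -> bool:
    """True if the version falls inside any affected range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED_RANGES)


def assess(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Map host -> affected flag for a {host: version} inventory."""
    return {host: is_affected(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # constructed sample inventory, not real hosts
    sample = {"mgmt-01": "4.19.1.0", "mgmt-02": "4.20.2", "mgmt-03": "4.21.3"}
    for host, flagged in assess(sample).items():
        print(f"{host}: {'AFFECTED, upgrade' if flagged else 'fixed version'}")
```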
Upgrade to versions 4.20.2 or 4.22.0, which contain the fix.
Maven: update the dependency version in your pom.xml to a fixed release.
Immediate mitigations:
- Set js.interpretation.enabled=false as a JVM flag (Note: This requires modifying the CloudStack configuration file)
- Restrict network access to your CloudStack instance (firewall it from the public internet)