CVE-2023-28935

Name of the Vulnerable Software and Affected Versions Apache UIMA DUCC (affected versions not specified)

Description The issue is related to an Improper Neutralization of Special Elements used in a Command, also known as a 'Command Injection' vulnerability. When using the Distributed UIMA Cluster Computing (DUCC) module of Apache UIMA, an authenticated user with permissions to modify core entities can cause command execution as the system user that runs the web process. This vulnerability only affects products that are no longer supported by the maintainer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.