Alluxio (formerly known as Tachyon) is a virtual distributed storage system. It bridges the gap between computation frameworks and storage systems, enabling computation applications to connect to numerous storage systems through a common interface. Alluxio is used in production to manage Petabytes of data in many leading companies, with the largest deployment exceeding 3,000 nodes. Read more about Alluxio Overview.
Alluxio supports sending logs to a remote log server over the network. This feature can be useful to system administrators who have to perform the task of log collection. With remote logging, the log files, e.g. master.log, worker.log, etc. on all Alluxio servers will be readily available on a designated and configurable directory on the log server.
Alluxio 1.6, 1.7, 1.8, 2.0.x, 2.1.x, 2.2.x, 2.3.x and 2.4.x with remote logging enabled using Alluxio Logserver, are affected by a remote code execution vulnerability. The class AlluxioLog4jSocketNode calls ObjectInputStream.readObject without validating the input data before deserializing leading to a remote code execution vulnerability.
Alluxio 1.6, 1.7, 1.8, 2.0.x, 2.1.x, 2.2.x, 2.3.x and 2.4.x