hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath.
Upgrade Hermes to at least hermes-2.2.9
https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/
Vendor | Product | Version | CPE |
---|---|---|---|
pl.allegro.tech.hermes\ | hermes | management | cpe:2.3:a:pl.allegro.tech.hermes\:hermes:management:*:*:*:*:*:*:*:* |