Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2021-32647
HistoryJun 01, 2021 - 2:15 p.m.

CVE-2021-32647

2021-06-0114:15:10
Google
osv.dev
5

8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.1%

JSON

Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The CreatePlace REST endpoint accepts an sppClassName parameter which is used to load an arbitrary class. This class is later instantiated using a constructor with the following signature: <constructor>(String, String, String). An attacker may find a gadget (class) in the application classpath that could be used to achieve Remote Code Execution (RCE) or disrupt the application. Even though the chances to find a gadget (class) that allow arbitrary code execution are low, an attacker can still find gadgets that could potentially crash the application or leak sensitive data. As a work around disable network access to Emissary from untrusted sources.

Related

prion 1
cve 1
nvd 1
cvelist 1
prion
prion
Design/Logic Flaw
2021-06-01 14:15:00
cve
cve
CVE-2021-32647
2021-06-01 14:15:10
nvd
nvd
CVE-2021-32647
2021-06-01 14:15:10
cvelist
cvelist
CVE-2021-32647 Post-authentication Remote Code Execution (RCE) in emissary:emissary
2021-05-28 23:05:10

8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.1%

JSON
Related for OSV:CVE-2021-32647
prion1cve1nvd1cvelist1