168 matches found
Design/Logic Flaw
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...
UBUNTU-CVE-2022-33980
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...
CVE-2022-33980 Apache Commons Configuration insecure interpolation defaults
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...
Apache Commons Configuration 代码注入漏洞
Apache Commons is a project of the Apache Software Foundation. Apache Commons is vulnerable to a remote code execution vulnerability that could be exploited by attackers to execute malicious code via injection attacks, write webshells to websites, and take control of entire websites or even serve...
CVE-2022-33980
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...
PT-2022-3497 · Apache +2 · Apache Commons Configuration +2
Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration versions 2.4 through 2.7 Description: The issue is related to the variable interpolation feature in Apache Commons Configuration, which allows properties to be dynamically evaluated and expanded. The standard form...
CVE-2022-33980
CVE-2022-33980 affects Apache Commons Configuration (versions 2.4–2.7). The vulnerability arises in the default interpolation lookups, where interpolation of the form ${prefix:name} can trigger lookups such as script , dns , and url . These lookups could enable arbitrary code execution or contact...
CVE-2022-33980 Apache Commons Configuration insecure interpolation defaults
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...
Security Bulletin: Apache Commons Configuration Vulnerability Affects IBM Sterling Connect:Direct File Agent (CVE-2020-1953)
Summary There is a vulnerability in Apache Commons used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-1953 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute...
Security Bulletin: Apache Commons Configuration Vulnerability Affects IBM Control Center (CVE-2020-1953)
Summary Apache Commons Configuration is vulnerable to remote attack. Vulnerability Details CVEID: CVE-2020-1953 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an issue when allowing the instantiation of classes including...
Security Bulletin: IBP javaenv and dind images
Summary Versions of IBP images javaenv and dind before 2.5.1 included a version of gradle that depended upon vulnerable Apache libraries. Gradle is a build system, intended to aid in building chaincode, though not required for building chaincode. Vulnerability Details CVEID: CVE-2020-1953...
The vulnerability of the Apache Commons Configuration library, related to insufficient validation of input data, allows attackers to execute arbitrary code.
The vulnerability of the Apache Commons Configuration library is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
apache-commons-configuration: uncontrolled class instantiation when loading YAML files
A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default...
Important: Red Hat Security Advisory: Red Hat Fuse 7.7.0 release and security update
A minor version update from 7.6 to 7.7 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
apache-commons-configuration: uncontrolled class instantiation when loading YAML files
A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default...
apache-commons-configuration: uncontrolled class instantiation when loading YAML files
A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default...
GHSA-7QX4-PP76-VRQH Remote code execution in Apache Commons Configuration
Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML...
Remote code execution in Apache Commons Configuration
Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML...
CVE-2020-1953
A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default...
Apache Commons Configuration Input Validation Error Vulnerability
Apache Commons Configuration is the United States Apache Apache Software Foundation , a common configuration interface , it is mainly used to enable Java applications to read configuration data from a variety of sources . An input validation error vulnerability exists in Apache Commons...