Lucene search
+L

168 matches found

Prion
Prion
added 2022/07/06 1:15 p.m.22 views

Design/Logic Flaw

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

7.5CVSS9.7AI score0.42646EPSS
Exploits3References5Affected Software2
OSV
OSV
added 2022/07/06 1:15 p.m.2 views

UBUNTU-CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

9.8CVSS7.4AI score0.42646EPSS
Exploits3References3
OSV
OSV
added 2022/07/06 12:0 a.m.13 views

CVE-2022-33980 Apache Commons Configuration insecure interpolation defaults

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

9.8CVSS7.4AI score0.42646EPSS
Exploits3References7
CNNVD
CNNVD
added 2022/07/06 12:0 a.m.5 views

Apache Commons Configuration 代码注入漏洞

Apache Commons is a project of the Apache Software Foundation. Apache Commons is vulnerable to a remote code execution vulnerability that could be exploited by attackers to execute malicious code via injection attacks, write webshells to websites, and take control of entire websites or even serve...

9.8CVSS9.2AI score0.42646EPSS
Exploits3References18
Debian CVE
Debian CVE
added 2022/07/06 12:0 a.m.41 views

CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

9.8CVSS8.3AI score0.42646EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2022/07/06 12:0 a.m.6 views

PT-2022-3497 · Apache +2 · Apache Commons Configuration +2

Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration versions 2.4 through 2.7 Description: The issue is related to the variable interpolation feature in Apache Commons Configuration, which allows properties to be dynamically evaluated and expanded. The standard form...

9.8CVSS8.6AI score0.99931EPSS
Exploits55References380
CVE
CVE
added 2022/07/06 12:0 a.m.537 views

CVE-2022-33980

CVE-2022-33980 affects Apache Commons Configuration (versions 2.4–2.7). The vulnerability arises in the default interpolation lookups, where interpolation of the form ${prefix:name} can trigger lookups such as script , dns , and url . These lookups could enable arbitrary code execution or contact...

9.8CVSS9.5AI score0.42646EPSS
Exploits3References5Affected Software1
Cvelist
Cvelist
added 2022/07/06 12:0 a.m.23 views

CVE-2022-33980 Apache Commons Configuration insecure interpolation defaults

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

10AI score0.42646EPSS
Exploits3References5
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/23 6:3 p.m.34 views

Security Bulletin: Apache Commons Configuration Vulnerability Affects IBM Sterling Connect:Direct File Agent (CVE-2020-1953)

Summary There is a vulnerability in Apache Commons used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-1953 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute...

10CVSS2.6AI score0.06684EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/28 12:49 p.m.30 views

Security Bulletin: Apache Commons Configuration Vulnerability Affects IBM Control Center (CVE-2020-1953)

Summary Apache Commons Configuration is vulnerable to remote attack. Vulnerability Details CVEID: CVE-2020-1953 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an issue when allowing the instantiation of classes including...

10CVSS3.9AI score0.06684EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/14 2:48 p.m.32 views

Security Bulletin: IBP javaenv and dind images

Summary Versions of IBP images javaenv and dind before 2.5.1 included a version of gradle that depended upon vulnerable Apache libraries. Gradle is a build system, intended to aid in building chaincode, though not required for building chaincode. Vulnerability Details CVEID: CVE-2020-1953...

10CVSS0.7AI score0.06684EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/11/10 12:0 a.m.6 views

The vulnerability of the Apache Commons Configuration library, related to insufficient validation of input data, allows attackers to execute arbitrary code.

The vulnerability of the Apache Commons Configuration library is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS7.9AI score0.06684EPSS
Exploits0References3Affected Software2
RedHat Linux
RedHat Linux
added 2020/07/28 3:54 p.m.6 views

apache-commons-configuration: uncontrolled class instantiation when loading YAML files

A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default...

10CVSS7.5AI score0.06684EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/07/28 3:54 p.m.118 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.7.0 release and security update

A minor version update from 7.6 to 7.7 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

10CVSS7.2AI score0.58373EPSS
Exploits16References50
RedHat Linux
RedHat Linux
added 2020/07/23 3:10 p.m.5 views

apache-commons-configuration: uncontrolled class instantiation when loading YAML files

A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default...

10CVSS7.5AI score0.06684EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/06/25 2:14 p.m.3 views

apache-commons-configuration: uncontrolled class instantiation when loading YAML files

A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default...

10CVSS7.5AI score0.06684EPSS
Exploits0References6
OSV
OSV
added 2020/05/21 7:8 p.m.2 views

GHSA-7QX4-PP76-VRQH Remote code execution in Apache Commons Configuration

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML...

10CVSS7.3AI score0.06684EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2020/05/21 7:8 p.m.110 views

Remote code execution in Apache Commons Configuration

Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML...

10CVSS4.7AI score0.06684EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2020/03/25 2:39 a.m.38 views

CVE-2020-1953

A flaw was found in the Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default, allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default...

10CVSS3AI score0.06684EPSS
Exploits0References5
CNVD
CNVD
added 2020/03/17 12:0 a.m.3 views

Apache Commons Configuration Input Validation Error Vulnerability

Apache Commons Configuration is the United States Apache Apache Software Foundation , a common configuration interface , it is mainly used to enable Java applications to read configuration data from a variety of sources . An input validation error vulnerability exists in Apache Commons...

10CVSS9.2AI score0.06684EPSS
Exploits0
Rows per page
Query Builder