Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework and Apache Commons(CVE-2022-22970,CVE-2022-22971,CVE-2022-33980)

Summary IBM Common Licensing is vulnerable to a remote code execution in Spring Framework CVE-2022-22970,CVE-2022-22971 as it does have Spring Framework versions 5.3.0 to 5.3.20, 5.2.0 to 5.2.22, and older versions. IBM Common Licensing is vulnerable to a remote code execution in Apache Commons...

The vulnerability of the Apache Commons Configuration library, related to improper code generation management, allows attackers to execute arbitrary code.

The vulnerability of the Apache Commons Configuration library is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted script, DNS, and URL requests...

CVE-2022-33980

A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...

Code injection in Apache Commons Configuration

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

GHSA-XJ57-8QJ4-C4M6 Code injection in Apache Commons Configuration

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

br.com.ideotech:draw-out-spring-boot-aop (>=1.5.19-1.RELEASE <=1.5.19.RELEASE), br.com.ideotech:draw-out-spring-boot-lib (>=1.5.19-1.RELEASE <=1.5.19.RELEASE) +1769 more potentially affected by CVE-2022-33980 via org.apache.commons:commons-configuration2 (>=2.4 <=2.7)

org.apache.commons:commons-configuration2 MAVEN version =2.4, =1.5.19-1.RELEASE, =1.5.19-1.RELEASE, =1.5.19-1.RELEASE, =1.5.0, =1.9.17-0, =1.0.0-2024, =1.0.0-2024, =1.0.0-2024, =1.0.0, =1.0.1-2024, =3.5.0-jdk17-1.0.0, =3.5.0-jdk17-2.0.0 and more Source cves: CVE-2022-33980 Source advisory:...

DEBIAN-CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

Design/Logic Flaw

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

UBUNTU-CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

CVE-2022-33980 Apache Commons Configuration insecure interpolation defaults

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

CVE-2022-33980

CVE-2022-33980 affects Apache Commons Configuration (versions 2.4–2.7). The vulnerability arises in the default interpolation lookups, where interpolation of the form ${prefix:name} can trigger lookups such as script , dns , and url . These lookups could enable arbitrary code execution or contact...

Apache Commons Configuration 代码注入漏洞

Apache Commons is a project of the Apache Software Foundation. Apache Commons is vulnerable to a remote code execution vulnerability that could be exploited by attackers to execute malicious code via injection attacks, write webshells to websites, and take control of entire websites or even serve...

PT-2022-3497 · Apache +2 · Apache Commons Configuration +2

Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration versions 2.4 through 2.7 Description: The issue is related to the variable interpolation feature in Apache Commons Configuration, which allows properties to be dynamically evaluated and expanded. The standard form...

CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

Security Bulletin: Apache Commons Configuration Vulnerability Affects IBM Sterling Connect:Direct File Agent (CVE-2020-1953)

Summary There is a vulnerability in Apache Commons used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-1953 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute...

Security Bulletin: Apache Commons Configuration Vulnerability Affects IBM Control Center (CVE-2020-1953)

Summary Apache Commons Configuration is vulnerable to remote attack. Vulnerability Details CVEID: CVE-2020-1953 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an issue when allowing the instantiation of classes including...

Security Bulletin: IBP javaenv and dind images

Summary Versions of IBP images javaenv and dind before 2.5.1 included a version of gradle that depended upon vulnerable Apache libraries. Gradle is a build system, intended to aid in building chaincode, though not required for building chaincode. Vulnerability Details CVEID: CVE-2020-1953...