26 matches found
EUVD-2021-2371
Malware in sbrugna...
Important: Red Hat Security Advisory: Service Registry (container images) release and security update [2.3.0.GA]
An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact o...
cron-utils: template Injection leading to unauthenticated Remote Code Execution
A flaw was found in cron-utils. This flaw allows an attacker to perform unauthenticated Remote Code Execution (RCE) via Java Expression Language (EL) injection...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.2.1 security update
A security update to Red Hat Integration Camel Extensions for Quarkus 2.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS)...
Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 2.2.5 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
CVE-2021-41269
A flaw was found in cron-utils. This flaw allows an attacker to perform unauthenticated Remote Code Execution (RCE) via Java Expression Language (EL) injection...
Cron Utils Code Injection Vulnerability
Cron Utils is a Java code library by individual developer Jmrozanec for validating, parsing, and migrating Cron expressions. A code injection vulnerability exists in Cron Utils that allows an attacker to inject arbitrary Java EL expressions to execute remote code...
Template Injection
cron-utils is vulnerable to template injection. An attacker can inject arbitrary Java EL expressions through the parse function in CronParser.java, leading to remote code execution...
Critical vulnerability found in cron-utils
Impact: A template injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note that only projects using the @Cron...
ca.ibodrov.concord:testcontainers-concord (>=0.0.2 <=0.0.20), ca.ibodrov.concord:testcontainers-concord-core (>=0.0.21 <=0.0.41) +359 more potentially affected by CVE-2021-41269 via com.cronutils:cron-utils (>=2.0.0 <=9.1.5)
com.cronutils:cron-utils MAVEN version =2.0.0, =0.0.2, =0.0.21, =0.0.1, =1.0.30 - com.baomidou:jobs-spring-boot-starter =1.0.3 - com.cronutils:cron-utils-spring =1.0.1 - com.elastisys:autoscaler.core =5.2.2 - com.elastisys:autoscaler.distro.standard =5.2.2 -...
CVE-2021-41269
cron-utils is a Java library to define, parse, validate, and migrate crons, as well as get human-readable descriptions for them. In affected versions, a template injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code...
CVE-2021-41269
CVE-2021-41269 affects cron-utils, a Java library for parsing and migrating cron expressions. The issue is a template injection flaw in cron-utils that enables an attacker to inject arbitrary Java EL expressions, leading to unauthenticated remote code execution. The vulnerability affects versions...
CVE-2021-41269 Unauthenticated remote code injection in cron-utils
cron-utils is a Java library to define, parse, validate, and migrate crons, as well as get human-readable descriptions for them. In affected versions, a template injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code...
Cron Utils Code Injection Vulnerability
Cron Utils is a Java code library by individual developer Jmrozanec for validating, parsing, and migrating Cron expressions. A code injection vulnerability exists in Cron Utils that allows an attacker to inject arbitrary Java EL expressions to execute remote code...
cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution
A flaw was found in cron-utils. End applications passing unsanitized user input which is subsequently parsed by the @Cron annotation can allow an attacker to execute arbitrary expressions using JavaEL which will be implicitly executed by the constraint validator. The highest threat from this...
Template Injection
cron-utils is vulnerable to template injection. The use of cron-utils with the @Cron annotation allows an attacker to inject malicious Java EL expressions, as it does not properly validate untrusted Cron expressions, leading to remote code execution...
CVE-2020-26238
A flaw was found in cron-utils. End applications passing unsanitized user input which is subsequently parsed by the @Cron annotation can allow an attacker to execute arbitrary expressions using JavaEL which will be implicitly executed by the constraint validator. The highest threat from this...
CVE-2020-26238
Cron-utils is a Java library to parse, validate, and migrate crons, as well as get human-readable descriptions for them. In cron-utils before version 9.1.3, a template injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote...