Code injection in oscore

oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument...

Ericsson OSCORE 代码注入漏洞

Ericsson OSCORE is a new lightweight IoT security protocol from Ericsson Sweden. A security vulnerability exists in Ericsson OSCORE v2.2.6 and earlier versions, which stems from a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless...