1084 matches found
OneVision Workspace security vulnerability
OneVision Workspace is a software solution for automating PDF workflows from OneVision. A security vulnerability exists in OneVision Workspace versions prior to WS23.1 SR1, which originates from allowing the execution of arbitrary Java EL expressions...
Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpreter
Impact: In vega 5.30.0 and lower, vega-functions 5.15.0 and lower, it was possible to call JavaScript functions from the Vega expression language that were not meant to be supported. Patches: Patched in vega 5.31.0 / vega-functions 5.16.0. Workarounds: Is there a way for users to fix or remediate th...
Expression Language Injection
Overview: Affected versions of this package are vulnerable to Expression Language Injection via the getRuntime function accessible via the /snail-job/workflow/check-node-expression endpoint. An attacker can execute arbitrary code by manipulating the nodeExpression argument to trigger...
AZL-58872 CVE-2025-29786 affecting package coredns for versions less than 1.11.4-5
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios wher...
UBUNTU-CVE-2025-29786
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios wher...
Expr security vulnerability
Expr is an expression language and expression evaluation for Go open-sourced by Expr. A security vulnerability exists in versions of Expr prior to 1.17.0, which stems from an unlimited input size that could lead to memory exhaustion...
CVE-2020-5245
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
CVE-2024-51466
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a...
CVE-2024-0715
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection. This issue affects Hitachi Global Link Manager: before 8.8.7-03...
Security Bulletin: Vulnerability in Eclipse EE4J Jakarta Expression Language affects watsonx.data
Summary: Eclipse EE4J Jakarta Expression Language is vulnerable to bypass security restrictions attacks. This could affect watsonx.data. Vulnerability Details: CVEID: CVE-2021-28170. DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions,...
The vulnerability of the logback-core module in the QOS monitoring system allows a perpetrator to execute arbitrary code.
The vulnerability of the logback-core module in the QOS monitoring system is related to the failure to take measures to neutralize special elements used in the expression language operator. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by using the...
IBM Cognos Analytics 11.2.x < 11.2.4 FP5 / 12.0.x < 12.0.4 IF1 Multiple Vulnerabilities (7179496)
The version of IBM Cognos Analytics installed on the remote host is prior to 11.2.4 FP5 or 12.0.4 IF1. It is, therefore, affected by multiple vulnerabilities as referenced in the 7179496 advisory. - IBM Cognos Analytics is vulnerable to an Expression Language (EL) Injection vulnerability. A remote...
The vulnerability of the online business analytics service IBM Cognos Analytics lies in the lack of measures taken to neutralize special elements used in the expression language operator. This allows attackers to gain unauthorized access to protected information or cause service failures.
The vulnerability of the online business analytics service IBM Cognos Analytics lies in the lack of measures taken to neutralize special elements used in the expression language operator. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected informatio...
Vulnerabilities fixed in IBM Cognos Analytics
IBM fixed vulnerabilities in IBM Cognos Analytics. The vulnerability in IBM Cognos Analytics arises from improper validation of file extensions, allowing remote attackers to upload arbitrary files. This security issue can lead to the execution of malicious code on the affected system, posing a...
OSV-2024-1397 Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385326423 Crash type: Security exception Crash state: org.springframework.expression.spel.ast.OpPlus.getValueInternal java.base/java.util.HashMap.get org.springframework.core.convert.TypeDescriptor.valueOf...
CVE-2024-51466 IBM Cognos Analytics expression language injection
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a...
CVE-2024-51466
IBM Cognos Analytics (11.2.0–11.2.4 FP4 and 12.0.0–12.0.4) is vulnerable to an Expression Language (EL) Injection that can allow a remote attacker to disclose data, exhaust memory, or crash the server when processing crafted EL statements. Affected products/versions are explicitly listed in the v...