1087 matches found

VulnCheck KEV
added 2023/09/28 12:00 a.m. | 3 views

VulnCheck KEV: CVE-2018-14667

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...

CVSS 9.8 | AI score 7.4 | EPSS 0.74171
Exploits: 6 | References: 1
CISA KEV Catalog
added 2023/09/28 12:00 a.m. | 28 views

Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...

CVSS 9.8 | AI score 7.9 | EPSS 0.74171
In wild | Exploits: 6
BDU FSTEC
added 2023/09/08 12:00 a.m. | 7 views

The vulnerability of the Spring Framework software, related to errors in processing SpEL expressions, allows attackers to execute arbitrary code.

The vulnerability of the Spring Framework software is related to errors in processing SpEL expressions. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.8 | AI score 7.2 | EPSS 0.01122
Exploits: 0 | References: 4 | Affected Software: 2
RedHat Linux
added 2023/09/05 6:37 p.m. | 6 views

springframework: Spring Expression DoS Vulnerability

A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS)...

CVSS 6.5 | AI score 7.1 | EPSS 0.0097
Exploits: 1 | References: 5
RedHat Linux
added 2023/08/16 10:56 a.m. | 7 views

springframework: Spring Expression DoS Vulnerability

A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS)...

CVSS 6.5 | AI score 7.1 | EPSS 0.0097
Exploits: 1 | References: 5
Gitee
added 2023/08/04 2:53 p.m. | 3 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

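ShuiZe (水泽) - automated information-gathering tool. Solemn declaration: the techniques, ideas and tools covered in this document are for security-oriented learning and exchange only; no one may use them for illegal purposes or for profit, otherwise they bear the consequences themselves. 0x01 Introduction. Author: Ske. Team: 0x727, which will be open-sourcing tools over the coming period, at https://github.com/0x727. Positioning: help red team members quickly gather information, map target assets and find weak points. Language: developed in python3. Function: a one-stop service; entering just a root domain is enough to collect the related assets comprehensively and detect vulnerabilities. Multiple domains, class-C IP ranges and so on can also be entered; see the examples below for details....

CVSS 9.8 | AI score 8.9 | EPSS 0.99999
Exploits: 45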
BDU FSTEC
added 2023/07/24 12:00 a.m. | 7 views

The vulnerability of the Hitachi Replication Manager (HRpM) platform, related to the failure to take measures to neutralize special elements used in the expression language of the operator, allows a perpetrator to execute arbitrary code.

The vulnerability of the Hitachi Replication Manager (HRpM) platform relates to the failure to take measures to neutralize special elements used in the expression language. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 7.5 | AI score 7.7 | EPSS 0.00451
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2023/07/18 3:15 a.m. | 2 views

CVE-2022-4146

Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Replication Manager: before 8.8.5-02...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1
OSV
added 2023/07/12 12:31 p.m. | 19 views

GHSA-M384-PJ54-5VR2 Apache Ambari Expression Language Injection vulnerability

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

CVSS 8.8 | AI score 8.5 | EPSS 0.01052
Exploits: 0 | References: 3
GitHub Security Blog
added 2023/07/12 9:30 a.m. | 24 views

Apache Jena Expression Language Injection vulnerability

There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. This allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena from 3.7.0 through 4.8.0...

CVSS 8.8 | AI score 7.1 | EPSS 0.01324
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2023/07/12 9:30 a.m. | 22 views

GHSA-J927-W6G7-7C7W Apache Jena Expression Language Injection vulnerability

There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. This allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena from 3.7.0 through 4.8.0...

CVSS 8.8 | AI score 6.1 | EPSS 0.01324
Exploits: 0 | References: 5
CNNVD
added 2023/07/12 12:00 a.m. | 6 views

Apache Ambari Security Vulnerability

Apache Ambari is an application from the Apache USA Foundation. Provides software developed to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. A security vulnerability exists in Apache Ambari, which originates from a SpringEL injection in the metrics source and...

CVSS 8.8 | AI score 8.3 | EPSS 0.01052
Exploits: 0 | References: 2
RedHat Linux
added 2023/06/29 8:07 p.m. | 4 views

springframework: Spring Expression DoS Vulnerability

A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS)...

CVSS 6.5 | AI score 7.1 | EPSS 0.0097
Exploits: 1 | References: 5
OSV
added 2023/06/27 2:00 p.m. | 3 views

OSV-2023-517 Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60112
Crash type: Security exception
Crash state:
org.springframework.expression.spel.ast.OpPlus.getValueInternal
java.base/sun.reflect.generics.reflectiveObjects.TypeVariableImpl.hashCode
java.base/java.util.Arrays.hashCode...

AI score 7.1
Exploits: 0 | References: 1
RedHat Linux
added 2023/06/21 7:56 p.m. | 8 views

springframework: Spring Expression DoS Vulnerability

A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS)...

CVSS 6.5 | AI score 7.1 | EPSS 0.0097
Exploits: 1 | References: 5
RedHat Linux
added 2023/06/15 9:03 a.m. | 4 views

springframework: Spring Expression DoS Vulnerability

A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS)...

CVSS 6.5 | AI score 7.1 | EPSS 0.0097
Exploits: 1 | References: 5
RedHat Linux
added 2023/06/15 12:17 a.m. | 5 views

springframework: Spring Expression DoS Vulnerability

A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS)...

CVSS 6.5 | AI score 7.1 | EPSS 0.0097
Exploits: 1 | References: 5
RedHat Linux
added 2023/05/17 1:58 p.m. | 5 views

springframework: Spring Expression DoS Vulnerability

A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS)...

CVSS 6.5 | AI score 7.1 | EPSS 0.0097
Exploits: 1 | References: 5
RedHat Linux
added 2023/05/03 2:05 p.m. | 3 views

springframework: Spring Expression DoS Vulnerability

A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server...

CVSS 6.5 | AI score 7.1 | EPSS 0.01122
Exploits: 0 | References: 5
RedHat Linux
added 2023/05/03 2:05 p.m. | 4 views

springframework: Spring Expression DoS Vulnerability

A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS)...

CVSS 6.5 | AI score 7.1 | EPSS 0.0097
Exploits: 1 | References: 5