1087 matches found
VulnCheck KEV: CVE-2018-14667
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...
The vulnerability of the Spring Framework software, related to errors in processing SpEL expressions, allows attackers to execute arbitrary code.
The vulnerability of the Spring Framework software is related to errors in processing SpEL expressions. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
水泽-信息收集自动化工具 郑重声明:文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途以及盈利等目的,否则后果自行承担。 0x01 介绍 作者:Ske 团队:0x727,未来一段时间将陆续开源工具,地址:https://github.com/0x727 定位:协助红队人员快速的信息收集,测绘目标资产,寻找薄弱点 语言:python3开发 功能:一条龙服务,只需要输入根域名即可全方位收集相关资产,并检测漏洞。也可以输入多个域名、C段IP等,具体案例见下文。...
The vulnerability of the Hitachi Replication Manager (HRpM) platform, related to the failure to take measures to neutralize special elements used in the expression language of the operator, allows a perpetrator to execute arbitrary code.
The vulnerability of the Hitachi Replication Manager HRpM platform relates to the failure to take measures to neutralize special elements used in the expression language. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2022-4146
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02...
GHSA-M384-PJ54-5VR2 Apache Ambari Expression Language Injection vulnerability
SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...
Apache Jena Expression Language Injection vulnerability
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena from 3.7.0 through 4.8.0...
GHSA-J927-W6G7-7C7W Apache Jena Expression Language Injection vulnerability
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena from 3.7.0 through 4.8.0...
Apache Ambari 安全漏洞
Apache Ambari is an application from the Apache USA Foundation. Provides software developed to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. A security vulnerability exists in Apache Ambari, which originates from a SpringEL injection in the metrics source and...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
OSV-2023-517 Security exception in org.springframework.expression.spel.ast.OpPlus.getValueInternal
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60112 Crash type: Security exception Crash state: org.springframework.expression.spel.ast.OpPlus.getValueInternal java.base/sun.reflect.generics.reflectiveObjects.TypeVariableImpl.hashCode java.base/java.util.Arrays.hashCode...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...
springframework: Spring Expression DoS Vulnerability
A flaw was found in Spring Framework. Certain versions of Spring Framework's Expression Language were not restricting the size of Spring Expressions. This could allow an attacker to craft a malicious Spring Expression to cause a denial of service on the server...
springframework: Spring Expression DoS Vulnerability
A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service DoS...