GHSA-4J38-WJHF-884R Arbitrary code execution in Richfaces
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...
RichFaces vulnerable to Expression Language Injection
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...
Arbitrary code execution in Richfaces
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...
GHSA-3HX6-FQPJ-XFJR RichFaces vulnerable to Expression Language Injection
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...
GHSA-J7MW-7CRR-658V Richfaces vulnerable to arbitrary code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
Apache Tiles Vulnerable to XSS via EL Expression Injection
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to th...
Exploit for Expression Language Injection in Apache Struts
CVE-2021-31805 PoC for CVE-2021-31805 Apache Struts2 CVE-20...
Exploit for Expression Language Injection in Apache Struts
S2-062 CVE-2021-31805/s2-062 Batch scanning and vulnerability...
Exploit for Expression Language Injection in Apache Struts
CVE-2021-31805 Remote code execution S2-062 CVE-2021-31805...
Exploit for Expression Language Injection in Apache Struts
s2-062 Remote code execution for S2-062 CVE-2021-31805 – Ver...
Exploit for Expression Language Injection in Apache Struts
s2-062 Remote code execution for S2-062 CVE-2021-31805 – Ver...
GHSA-V8J6-6C2R-R27C Expression Language Injection in Apache Struts
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a...
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
SpringCloud-Gateway Command Execution Vulnerability CVE-2022...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
SpringCloud-Gateway Command Execution Vulnerability CVE-2022...
BSA-2022-1768
Security Advisory ID: BSA-2022-1768. Component: Spring Cloud. Revision: 1.0. In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in...
GHSA-558X-2XJG-6232 Allocation of Resources Without Limits or Throttling in Spring Framework
In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0.RELEASE - 5.2.19.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...
CVE-2022-22950
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...
DEBIAN-CVE-2022-22950
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition...
Exploit for Code Injection in Vmware Spring_Cloud_Function
Spring CVE This includes CVE-2022-22963, a Spring SpEL / Expre...
The vulnerability of the Spring module routing mechanism, which facilitates business logic through Spring Cloud Function services, allows attackers to gain unauthorized access to local resources or cause service failures.
The vulnerability of the Spring module routing mechanism for promoting business logic using Spring Cloud Function is related to deficiencies in the process of eliminating special elements from the output data used by the incoming component. Exploiting this vulnerability can allow an attacker to...