Arbitrary Code Injection

Overview org.webjars.npm:jsonpath is a Query JavaScript objects with JSONPath expressions. Robust / safe JSONPath engine for Node.js. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on th...

PT-2023-36039 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: A security exception crash has been reported. The crash involves the com.github.javaparser.GeneratedJavaParser.Expression and specific methods within java.base/sun.nio.cs.CESU 8$Encoder,...

PT-2022-37209 · Apache · Apache Commons Jxpath

Name of the Vulnerable Software and Affected Versions: Apache Commons JXPath affected versions not specified Description: A security exception crash has been reported in Apache Commons JXPath. The crash occurs in the org.apache.commons.jxpath.ri.axes package, specifically in the...

PT-2022-37197 · Git +1 · Jackson-Modules-Java8

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, with details including a crash type and crash state. The crash state involves methods such as fuzzerTestOneInput...

CSRF in gadgets plugin

The affected methods are: AddOrRemoveGadgetSpecAction, doAdd AddOrRemoveGadgetSpecAction, doRemove AddOrRemoveGadgetFeedAction, doAddGadgetFeed AddOrRemoveGadgetFeedAction, doRemoveGadgetFeed WhitelistAdminAction, doAddWhitelistUrl WhitelistAdminAction, doRemoveWhitelistUrl RevokeOAuthTokensActio...