17 matches found
hermes-management is vulnerable to RCE due to Apache commons-jxpath
Impact: hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath. Patches: Upgrade Hermes to at least hermes-2.2.9. References: https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/...
GHSA-2GH6-WC3M-G37F hermes-management is vulnerable to RCE due to Apache commons-jxpath
Impact: hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath. Patches: Upgrade Hermes to at least hermes-2.2.9. References: https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/...
Fedora: Security Advisory for apache-commons-jxpath (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: apache-commons-jxpath-1.3-52.fc40
Defines a simple interpreter of an expression language called XPath. JXPath applies XPath expressions to graphs of objects of all kinds: JavaBeans, Maps, Servlet contexts, DOM etc, including mixtures thereof...
JXPath: untrusted XPath expressions may lead to RCE attack
A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons JXPath
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons JXPath. Vulnerability Details: CVEID: CVE-2022-40159. DESCRIPTION: JXPath is vulnerable to a denial of service, caused by a stack-based buffer overflow in parsing XPath. By sending...
Apache Commons JXPath Buffer Overflow Vulnerability (CNVD-2022-73689)
Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation, U.S.A. A buffer overflow vulnerability exists in Apache Commons JXPath, which is caused by a stack buffer overflow when parsing XPath. A remote attacker could exploit this vulnerability to cause a denial...
Apache Commons JXPath Buffer Overflow Vulnerability (CNVD-2022-73687)
Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation. Apache Commons JXPath suffers from a buffer overflow vulnerability that can be exploited by remote attackers to cause a denial of service...
Apache Commons JXPath buffer overflow vulnerability
Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation in the U.S. A buffer overflow vulnerability exists in Apache Commons JXPath, which stems from a parser running on user-supplied input allowing an attacker to submit special data causing a stack overflow t...
PT-2022-5014 · Apache · Apache Commons Jxpath
Name of the Vulnerable Software and Affected Versions: Apache Commons JXPath (affected versions not specified); GeoServer versions prior to 2.23.6, 2.24.4, and 2.25.2; hermes-management versions prior to 2.2.9. Description: The issue is related to the application of external input for class selection ...
Apache Commons JXPath Buffer Error Vulnerability
Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation, U.S.A. A buffer overflow vulnerability exists in Apache Commons JXPath, which is caused by a stack buffer overflow when parsing XPath. A remote attacker could exploit this vulnerability to cause a denial...
Identifier withdrawn
Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation. Apache Commons JXPath suffers from a buffer overflow vulnerability that can be exploited by remote attackers to cause a denial of service...
Identifier withdrawn
Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation in the U.S. A buffer overflow vulnerability exists in Apache Commons JXPath, which stems from a parser running on user-supplied input allowing an attacker to submit special data causing a stack overflow t...
Identifier withdrawn
Apache Commons JXPath is a Java-based implementation of XPath 1.0 from the Apache Foundation, U.S.A. A buffer overflow vulnerability exists in Apache Commons JXPath, which is caused by a stack buffer overflow when parsing XPath. A remote attacker could exploit this vulnerability to cause a denial...
OSV-2022-782 Security exception in java.base/java.lang.StringBuffer.append
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50600. Crash type: Security exception. Crash state: java.base/java.lang.StringBuffer.append, org.apache.commons.jxpath.ri.compiler.CoreFunction.toString, java.base/java.lang.String.valueOf...
PT-2022-37209 · Apache · Apache Commons Jxpath
Name of the Vulnerable Software and Affected Versions: Apache Commons JXPath (affected versions not specified). Description: A security exception crash has been reported in Apache Commons JXPath. The crash occurs in the org.apache.commons.jxpath.ri.axes package, specifically in the...
PT-2022-37208 · Apache · Apache Commons Jxpath
Name of the Vulnerable Software and Affected Versions: Apache Commons JXPath (affected versions not specified). Description: The issue is related to a security exception in the Apache Commons JXPath library. The crash occurs in the parenthesize method of CoreOperation and the toString method of...