43 matches found
Apache Unomi - Remote Code Execution
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process, enabling attackers to execute arbitrary code. id: CVE-2020-11975 info: name: Apache Unomi -...
CVE-2021-31164
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...
EUVD-2021-1399
Malware in sbrugna...
CVE-2020-11975
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...
GHSA-XP5J-WJ4H-2JQ9 Injection and Improper Input Validation in Apache Unomi
It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest...
Injection and Improper Input Validation in Apache Unomi
It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest...
GHSA-V6FQ-Q792-J46J Improper Input Validation in Apache Unomi
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...
Improper Input Validation in Apache Unomi
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...
Exploit for Improper Input Validation in Apache Unomi
CVE-2020-13942 Run httpx or httprob on the...
GHSA-RM7F-MPCJ-W4F6 Command injection in Apache Unomi
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...
Command injection in Apache Unomi
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...
Apache Unomi Injection Vulnerability
Apache Unomi is an open source customer data platform from the Apache Software Foundation (United States). The platform is written mainly in Java. An injection vulnerability exists in Apache Unomi versions prior to 1.5.5. The vulnerability stems from the failure of a networked syst...
CVE-2021-31164
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...
CVE-2021-31164
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...
CRLF injection
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...
CVE-2021-31164 Apache Unomi log injection
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements...
CVE-2021-31164
CVE-2021-31164 concerns Apache Unomi prior to version 1.5.5, where CRLF log injection is possible due to lack of escaping in log statements. Multiple sources (NVD, RH, OSV, CNVD/CNNVD, CVE lists) confirm the issue and correlate it with a pre-1.5.5 release. The vulnerability arises from improper h...
Apache Unomi Injection Vulnerability
Apache Unomi is an open source customer data platform from the Apache Software Foundation (United States). The platform is written mainly in Java. An injection vulnerability exists in Apache Unomi versions prior to 1.5.5. The vulnerability stems from the failure of a networked syst...
PT-2021-19198 · Apache · Apache Unomi
Name of the Vulnerable Software and Affected Versions: Apache Unomi versions prior to 1.5.5. Description: The issue is related to CRLF log injection due to the lack of escaping in log statements. Recommendations: For versions prior to 1.5.5, update to version 1.5.5 or later to resolve the issue...
Exploit for Improper Input Validation in Apache Unomi
PoC exploit for CVE-2020-13942, an unauthenticated RCE vulnerability through MVEL and OGNL injection in Apache Unomi. The exploit targets the context.js/json endpoint exposed by the Unomi server, allowing an attacker to execute arbitrary OS commands. Two RCE vectors are available: MVEL injection...