10 matches found
CVE-2026-41852 Spring Framework Arbitrary Method Invocation in SpEL Expressions
A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....
CVE-2026-41852 Spring Framework Arbitrary Method Invocation in SpEL Expressions
A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....
Sandbox Protection Bypass
io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps is vulnerable to Sandbox Protection Bypass. The vulnerability is due to an overly permissive custom script security whitelist, which allows an attacker to invoke arbitrary methods and bypass sandbox restrictions...
GHSA-MP76-7W5V-PR75 TurboBoost Commands vulnerable to arbitrary method invocation
Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...
TurboBoost Commands vulnerable to arbitrary method invocation
Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...
CVE-2024-28181 Arbitrary method invocation turbo_boost-commands
turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...
CVE-2024-28181 Arbitrary method invocation turbo_boost-commands
turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...
CVE-2021-40719
Adobe Connect version 11.2.3 and earlier is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server...
CVE-2021-40719 Adobe Connect Deserialization of Untrusted Data Remote Code Execution
Adobe Connect version 11.2.3 and earlier is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to execute remote code execution on the server...
Ruby has an unspecified vulnerability
Ruby is a simple and fast object-oriented object-oriented programming scripting language. An unspecified vulnerability exists in Ruby. An attacker can exploit this vulnerability to invoke arbitrary Ruby methods...