2 matches found
Remote Code Execution (RCE)
brooklyn-utils-common is vulnerable to remote code execution (RCE) attacks. By default, the library allows the unmarshalling of Java types available on the classpath. This allows an attacker to inject and execute arbitrary code by passing a malicious YAML file to the application...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server. PoC: Attacker puts something like this int...