4 matches found
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the toCedarExpr method, which does not escape special characters when converting values to source code. An attacker can inject arbitrary expressions by supplying specially crafted input, potentially altering...
CedarJava has policy injection vulnerability
Summary CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certain circumstances, improper input handling could allow policy injection. Impact Cedar-expression injection via unescaped toCedarExpr The toCedarExpr metho...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' through improper handling of reserved keys in the JSON protocol when serializing CedarMap. An attacker can cause unauthorized access or manipulation of data by supplying...
PT-2026-50975
Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 2.3.6 CedarJava versions prior to 3.4.1 CedarJava versions prior to 4.9 Description Improper input handling allows Record-to-Entity type confusion across the Java-Rust FFI Foreign Function Interface boundary...