4 matches found
EUVD-2020-30122
Malware in sbrugna...
cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution
A flaw was found in cron-utils. End applications passing unsanitized user input which is subsequently parsed by the @Cron annotation can allow an attacker to execute arbitrary expressions using JavaEL which will be implicitly executed by the constraint validator. The highest threat from this...
Code injection
Netflix Titus uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...
PT-2020-20571 · Netflix +1 · Netflix Titus +2
Name of the Vulnerable Software and Affected Versions: Netflix Titus affected versions not specified Netflix Conductor affected versions not specified Description: The issue concerns the use of Java Bean Validation JSR 380 custom constraint validators in Netflix Titus and Netflix Conductor. When...