2 matches found
CVE-2021-32647 Post-authentication Remote Code Execution (RCE) in emissary:emissary
Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution RCE. The CreatePlace REST endpoint accepts an sppClassName parameter which is used to load an arbitrary class. This class is later instantiated using a...
CVE-2021-32647
Emissary is a P2P data‑driven workflow engine. CVE-2021-32647 affects Emissary versions with a vulnerable CreatePlace REST endpoint that accepts sppClassName to load an arbitrary class, which is later instantiated via a (String, String, String) constructor. An attacker could locate a gadget in th...