2 matches found
com.gccloud:gc-starter-plugins-jimureport (>=1.2.4.1.RELEASE <=2.2.2.RELEASE), com.graphql-java-calculator:graphql-java-calculator (>=1.0 <=1.4.1) +35 more potentially affected by CVE-2021-41862 via com.googlecode.aviator:aviator (>=5.2.1 <=5.2.7)
com.googlecode.aviator:aviator MAVEN version =5.2.1, =1.2.4.1.RELEASE, =1.0, =1.1.1, =1.0.4, =1.19.1, =0.1.3, =1.5.5, =1.5.5, =1.5.5, =1.5.5, =1.5.5, =1.6.8, =1.6.6, =1.5.8, =1.5.5, =1.9.0 and more Source cves: CVE-2021-41862 Source advisory: OSV:GHSA-XPV2-8PPJ-79HH...
CVE-2021-41862
CVE-2021-41862 affects AviatorScript up to version 5.2.7. An expression parsed via the ByteCode Engineering Library (BCEL) can lead to arbitrary code execution. The entry describes an expression injection vulnerability where BCEL-encoded expressions are evaluated, enabling attacker-controlled cod...