6 matches found
io.fabric8:fabric8-maven-plugin (=1.2.0.redhat-133), it.uniroma2.art.maple:maple-karaf-distribution (>=0.0.3 <=0.0.5) +2 more potentially affected by CVE-2022-40145 via org.apache.karaf:apache-karaf (>=4.4.1 <=4.4.11)
org.apache.karaf:apache-karaf MAVEN version =4.4.1, =0.0.3, =0.0.5 - org.apache.camel.karaf:camel-test-karaf =3.19.0 - org.apache.karaf.demos:web =4.1.7 Source cves: CVE-2022-40145 Source advisory: OSV:GHSA-C2P4-8MVV-RWMV...
ch.sourcepond.commons:smartswitch-tests (>=2.0.0 <=4.0.2), ch.sourcepond.io:checksum-tests (>=1.0.3 <=4.0.3) +47 more potentially affected by CVE-2022-40145 via org.apache.karaf:apache-karaf (>=2.0.0 <=4.3.7)
org.apache.karaf:apache-karaf MAVEN version =2.0.0, =2.0.0, =1.0.3, =1.0.0, =1.0.0, =1.5, =1.5.6, =4.4.1, =7.2.0, =6.3.0, =1.1.2, =1.0.0, =2.0.0, =2.0.6, =4.2.8.hyte-4280, =hyte-mq-4.3.7.hyte-43072 and more Source cves: CVE-2022-40145 Source advisory: OSV:GHSA-C2P4-8MVV-RWMV...
CVE-2022-40145
This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtilsdoCreateDatasource use InitialContext.lookupjndiName without filtering. An us...
CVE-2022-40145 Apache Karaf: JDBC JAAS LDAP injection
This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtilsdoCreateDatasource use InitialContext.lookupjndiName without filtering. An us...
CVE-2022-40145 Apache Karaf: JDBC JAAS LDAP injection
This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtilsdoCreateDatasource use InitialContext.lookupjndiName without filtering. An us...
CVE-2022-40145
Apache Karaf prior to 4.4.2 and 4.3.8 is affected by CVE-2022-40145 due to a lack of validation in JDBCUtils.doCreateDatasource when a JNDI LDAP data source URI is used. An attacker who controls the target LDAP server can trigger remote code execution by injecting a crafted JNDI name into Initial...