7 matches found
CVE-2026-35581
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...
CVE-2026-35581
Emissary’s Executrix utility creates shell commands by concatenating configuration-derived values (including PLACE_NAME) with insufficient sanitization prior to version 8.39.0. This allowed shell metacharacters to pass into /bin/sh -c command execution, enabling a Command Injection vulnerability....
CVE-2026-35571
CVE-2026-35571 affects Emissary prior to 8.39.0. Mustache navigation templates interpolated config-controlled link values directly into href attributes without URL scheme validation, allowing an administrator with navItems access to inject javascript: URIs and trigger stored XSS against other aut...
CVE-2021-32647
Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution RCE. The CreatePlace REST endpoint accepts an sppClassName parameter which is used to load an arbitrary class. This class is later instantiated using a...
Weak Cryptographic Algorithms
gov.nsa.emissary, emissary is vulnerable to weak cryptographic algorithms. The vulnerability is due to the use of weak cryptographic algorithms e.g., SHA-1, CRC32, and SSDEEP in the ChecksumCalculator class, which can be exploited to generate hash collisions or compromise data integrity...
CVE-2021-32647
Emissary is a P2P data‑driven workflow engine. CVE-2021-32647 affects Emissary versions with a vulnerable CreatePlace REST endpoint that accepts sppClassName to load an arbitrary class, which is later instantiated via a (String, String, String) constructor. An attacker could locate a gadget in th...
Unspecified vulnerability in Emissary (CNVD-2021-34517)
Emissary is a software application. A P2P-based data-driven workflow engine that runs on heterogeneous and potentially widely distributed multi-tier P2P network computing resources. A security vulnerability exists in Emissary 5.9.0, which can be exploited by an attacker to delete arbitrary files...