7 matches found

ATTACKERKB
added 2026/04/07 3:56 p.m. | 3 views

CVE-2026-35581

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...

7.2 CVSS | 5.9 AI score | 0.00563 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2026/04/07 3:56 p.m. | 12 views

CVE-2026-35581

Emissary’s Executrix utility creates shell commands by concatenating configuration-derived values (including PLACE_NAME) with insufficient sanitization prior to version 8.39.0. This allowed shell metacharacters to pass into /bin/sh -c command execution, enabling a Command Injection vulnerability....

7.2 CVSS | 5.9 AI score | 0.00563 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2026/04/07 3:26 p.m. | 17 views

CVE-2026-35571

CVE-2026-35571 affects Emissary prior to 8.39.0. Mustache navigation templates interpolated config-controlled link values directly into href attributes without URL scheme validation, allowing an administrator with navItems access to inject javascript: URIs and trigger stored XSS against other aut...

4.8 CVSS | 5.8 AI score | 0.00176 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
RedhatCVE
added 2025/05/22 6:34 p.m. | 9 views

CVE-2021-32647

Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The CreatePlace REST endpoint accepts an sppClassName parameter which is used to load an arbitrary class. This class is later instantiated using a...

9.1 CVSS | 8.1 AI score | 0.0285 EPSS
Exploits: 1 | References: 1
Veracode
added 2025/03/10 12:2 p.m. | 8 views

Weak Cryptographic Algorithms

gov.nsa.emissary, emissary is vulnerable to weak cryptographic algorithms. The vulnerability is due to the use of weak cryptographic algorithms, e.g., SHA-1, CRC32, and SSDEEP, in the ChecksumCalculator class, which can be exploited to generate hash collisions or compromise data integrity...

7.5 CVSS | 7 AI score | 0.00194 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2021/05/28 11:5 p.m. | 49 views

CVE-2021-32647

Emissary is a P2P data‑driven workflow engine. CVE-2021-32647 affects Emissary versions with a vulnerable CreatePlace REST endpoint that accepts sppClassName to load an arbitrary class, which is later instantiated via a (String, String, String) constructor. An attacker could locate a gadget in th...

9.1 CVSS | 9 AI score | 0.0285 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CNVD
added 2021/05/11 12:0 a.m. | 5 views

Unspecified vulnerability in Emissary (CNVD-2021-34517)

Emissary is a software application: a P2P-based data-driven workflow engine that runs on heterogeneous and potentially widely distributed multi-tier P2P network computing resources. A security vulnerability exists in Emissary 5.9.0, which can be exploited by an attacker to delete arbitrary files...

8.1 CVSS | 6.9 AI score | 0.00891 EPSS
Exploits: 0 | References: 1