4 matches found
org.apache.olingo:odata-fit (>=4.0.0-beta-01 <=4.0.0-beta-02-RC01), org.esigate:esigate-cas (>=3.1 <=5.2) +7 more potentially affected by CVE-2018-1000854 via org.esigate:esigate-core (>=3.1 <=5.2)
org.esigate:esigate-core MAVEN version =3.1, =4.0.0-beta-01, =3.1, =4.0, =3.1, =3.1, =5.0, =3.1, =4.0, =3.1, =4.4 Source cves: CVE-2018-1000854 Source advisory: OSV:GHSA-HJM9-576Q-399P...
Remote Code Execution in esigate-core
esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appears to be exploitable vi...
GHSA-HJM9-576Q-399P Remote Code Execution in esigate-core
esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appears to be exploitable vi...
Remote Code Execution (RCE)
esigate-core is vulnerable to remote code execution (RCE). ESIGate supports the esi:include tag along with the stylesheet attribute, which would allow a remote attacker to execute code on the server with a user specified XSLT...