88 matches found
Prototype Pollution
Overview org.webjars.npm:expr-eval is a WebJar for expr-eval Affected versions of this package are vulnerable to Prototype Pollution via the evaluation process, which accesses global values by searching for item.value in expr.functions. An attacker can access prototype, proto, constructor, and...
Remote Code Execution (RCE)
Apache Commons OGNL is vulnerable to Remote Code Execution RCE. The vulnerability is due to incomplete blocklist restrictions in the OGNL engine when parsing and evaluating expressions, which allows an attacker to bypass protections and potentially achieve arbitrary code execution...
Logic Error
Apache HTTP Server is vulnerable to a logic error. The vulnerability is due to a flaw in the evaluation of RewriteCond expr directives, which causes all expressions to be treated as true, allowing an attacker to bypass intended rewrite conditions and access or redirect resources unexpectedly...
Cross-Site Scripting (XSS)
@pdfme/common is vulnerable to cross-site scripting XSS. The vulnerability is due to improper handling of expression evaluation, which allows an attacker to escape the sandbox environment and execute arbitrary code or manipulate object prototypes to perform XSS and other malicious actions...
PDFME 安全漏洞
PDFME is an open source PDF generation library built with TypeScript and React by pdfme open source. A security vulnerability exists in PDFME versions 5.2.0 through 5.4.0, which stems from an expression evaluation feature that could lead to a sandbox escape, triggering cross-site scripting and...
CVE-2019-16553
A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression...
CVE-2025-27104
vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body e.g. read a storage variable...
CVE-2024-8048
In Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924, a code execution attack is possible using object injection via insecure expression evaluation...
Progress Telerik Reporting <= 2024 Q3 (18.2.24.806) Multiple Vulnerabilities
The version of Progress Telerik Reporting installed on the remote Windows host is prior or equal to 2024 Q3 18.2.24.806. It is, therefore, affected by multiple vulnerabilities: - In Progress® Telerik® Reporting, versions 2024 Q3 18.2.24.806 or earlier, hyperlinks were permitted in the desktop...
CVE-2024-8048
In Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924, a code execution attack is possible using object injection via insecure expression evaluation...
CVE-2024-8048 Telerik Reporting Insecure Expression Evaluation
In Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924, a code execution attack is possible using object injection via insecure expression evaluation...
CVE-2024-8048
Progress Telerik Reporting (desktop/Standalone Report Designer) prior to 2024 Q3 (version 18.2.24.924) is affected by an insecure expression evaluation vulnerability that enables object injection and may allow code execution. The issue is documented as CVE-2024-8048; CVSS v3.1 base score 7.8 (HIG...
CVE-2024-8048 Telerik Reporting Insecure Expression Evaluation
In Progress Telerik Reporting versions prior to 2024 Q3 18.2.24.924, a code execution attack is possible using object injection via insecure expression evaluation...
ClickHouse 安全漏洞
ClickHouse is a ClickHouse open source one of the fastest and most resource efficient open source databases for real-time applications and analytics. A security vulnerability exists in ClickHouse version v24.3.3.102, which stems from a buffer overflow issue in the DB::evaluateConstantExpressionIm...
CVE-2024-28847 SpEL Injection in `PUT /api/v1/events/subscriptions` in OpenMetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare,...
CVE-2023-29213
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of org.xwiki.platform:xwiki-platform-logging-ui it is possible to trick a user with programming rights into visiting a constructed url where e.g., by embedding an image wi...
GHSA-X5FC-PGPX-59J5 Server side object manipulation in Apache Struts
OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the ''-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context objects. This behavior was already addressed in...
Server side object manipulation in Apache Struts
OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the ''-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context objects. This behavior was already addressed in...
Ubuntu 18.04 LTS / 20.04 LTS : Pillow vulnerabilities (USN-5227-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5227-1 advisory. It was discovered that Pillow incorrectly handled certain image files. If a user or automated system were tricked into opening a...
ALPINE-CVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...