Lucene search

28 matches found

Veracode
added 2025/10/15 6:18 a.m., 2 views

Deserialization Of Untrusted Data

Apache Jackrabbit Core and Apache Jackrabbit JCR Commons are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the acceptance of untrusted JNDI URIs for JCR lookup, which allows an attacker to inject malicious JNDI references that trigger deserialization of untrusted...

CVSS 6.5 | AI score 7.7 | EPSS 0.00569
Exploits: 0 | References: 6 | Affected Software: 2
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-27118

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00569
Exploits: 0 | References: 1
Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-58782

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0...

CVSS 6.5 | AI score 6.5 | EPSS 0.00569
Exploits: 0 | References: 3
vulnersOsv
added 2025/09/08 9:31 a.m., 2 views

com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.6.100 <=6.4.4), com.adobe.cq.media:cq-media-publishing-dps-integration (=5.6.16) +119 more potentially affected by CVE-2025-58782 via org.apache.jackrabbit:jackrabbit-core (>=1.2.1 <=2.22.1)

org.apache.jackrabbit:jackrabbit-core MAVEN version =1.2.1, =5.6.100, =2.0.6, =1.0.10, =1.0.8, =2.0.5, =2.0.0, =0.0.1, =2.1.1, =2.5.0, =2.1.1, =2.5.0, =2.1.1, =4.3.5 and more Source cves: CVE-2025-58782 Source advisory: OSV:GHSA-CXVC-G8F2-4GMM...

CVSS 6.5 | AI score 6 | EPSS 0.00569
Exploits: 0
Github Security Blog
added 2025/09/08 9:31 a.m., 7 views

Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data

There is a Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup fr...

CVSS 6.5 | AI score 8.1 | EPSS 0.00569
Exploits: 0 | References: 6 | Affected Software: 2
Snyk
added 2025/09/08 9:31 a.m., 3 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JCR lookup functionality. An attacker can execute arbitrary code by injecting malicious JNDI references that are deserialized when untrusted JNDI URIs are accepted. JNDI URIs can be...

CVSS 6.9 | AI score 7.8 | EPSS 0.00569
Exploits: 0 | References: 2
vulnersOsv
added 2025/09/08 9:31 a.m., 2 views

com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.6.100 <=6.4.4), com.adobe.cq.media:cq-media-publishing-dps-integration (=5.6.16) +93 more potentially affected by CVE-2025-58782 via org.apache.jackrabbit:jackrabbit-core (>=2.0-beta1 <=2.22.1)

org.apache.jackrabbit:jackrabbit-core MAVEN version =2.0-beta1, =5.6.100, =2.0.6, =1.0.10, =1.0.8, =2.0.5, =2.0.0, =0.0.1, =2.1.1, =2.5.0, =2.1.1, =2.5.0, =2.1.1, =4.3.5 and more Source cves: CVE-2025-58782 Source advisory: SNYK:JAVA-ORGAPACHEJACKRABBIT-12578562...

CVSS 6.5 | AI score 6 | EPSS 0.00569
Exploits: 0
OSV
added 2025/09/08 9:31 a.m., 0 views

GHSA-CXVC-G8F2-4GMM Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data

There is a Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup fr...

CVSS 6.5 | AI score 6.3 | EPSS 0.00569
Exploits: 0 | References: 6
OSV
added 2025/09/08 9:15 a.m., 2 views

DEBIAN-CVE-2025-58782

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...

CVSS 6.5 | AI score 6.7 | EPSS 0.00569
Exploits: 0 | References: 1
OSV
added 2025/09/08 9:15 a.m., 2 views

CVE-2025-58782

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...

CVSS 6.5 | AI score 8.1
Exploits: 0 | References: 2
NVD
added 2025/09/08 9:15 a.m., 10 views

CVE-2025-58782

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...

CVSS 6.5 | EPSS 0.00569
Exploits: 0 | References: 2
OSV
added 2025/09/08 9:15 a.m., 0 views

UBUNTU-CVE-2025-58782

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...

CVSS 6.5 | AI score 6.4 | EPSS 0.00569
Exploits: 0 | References: 7
Vulnrichment
added 2025/09/08 8:53 a.m., 3 views

CVE-2025-58782 Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...

AI score 7.5 | EPSS 0.00569
Exploits: 0 | References: 1
CVE
added 2025/09/08 8:53 a.m., 36 views

CVE-2025-58782

CVE-2025-58782 affects Apache Jackrabbit Core (1.0.0–2.22.1) and Apache Jackrabbit JCR Commons (1.0.0–2.22.1). The issue is Deserialization of Untrusted Data triggered by accepting JNDI URIs for JCR lookup from untrusted users, which can lead to arbitrary code execution through deserialization of...

CVSS 6.5 | AI score 7.6 | EPSS 0.00569
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2025/09/08 8:53 a.m., 5 views

CVE-2025-58782 Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...

EPSS 0.00569
Exploits: 0 | References: 1
Debian CVE
added 2025/09/08 8:53 a.m., 3 views

CVE-2025-58782

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...

CVSS 6.5 | AI score 6.6 | EPSS 0.00569
Exploits: 0
CNNVD
added 2025/09/08 12:0 a.m., 2 views

Apache Jackrabbit Core and Apache Jackrabbit JCR Commons Security Vulnerability

Apache Jackrabbit Core and Apache Jackrabbit JCR Commons are both products of the Apache Foundation. Apache Jackrabbit Core is a content repository core. Apache Jackrabbit JCR Commons is a general-purpose tool library. A security vulnerability exists in Apache Jackrabbit Core versions 1.0.0 through...

CVSS 6.5 | AI score 7 | EPSS 0.00569
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/08 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-53689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit 2.23.2 due to usage of an unsecured document build to load...

CVSS 8.8 | AI score 7.1 | EPSS 0.00212
Exploits: 0 | References: 3
Snyk
added 2025/07/14 12:30 p.m., 1 view

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to the use of an unsecured document to load privileges. An attacker can execute arbitrary code or cause a denial of service by submitting specially crafted XML data. Details: XXE Injection is a type ...

CVSS 8.8 | AI score 8.2 | EPSS 0.00212
Exploits: 0 | References: 2
OSV
added 2025/07/14 10:15 a.m., 1 view

DEBIAN-CVE-2025-53689

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 Java 8, 2.22.1 Java 11 or 2.23.2 Java 11, beta versions, which fix this issue...

CVSS 8.8 | AI score 7.4 | EPSS 0.00212
Exploits: 0 | References: 1