11 matches found
EUVD-2025-27118
Malicious code in bioql PyPI...
biz.netcentric.aem.sysenvtools:apply-system-env-install-hook (>=1.2.0 <=1.2.3), biz.netcentric.aem.sysenvtools:system-env-change-listener (>=1.2.0 <=1.2.3) +410 more potentially affected by CVE-2025-58782 via org.apache.jackrabbit:jackrabbit-jcr-commons (>=2.0-beta1 <=2.22.1)
org.apache.jackrabbit:jackrabbit-jcr-commons MAVEN version =2.0-beta1, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.8.0, =2.0.0, =2.5.0, =2.5.4, =2.5.4, =4.2.0, =1.0.0, =1.0.0, =1.0.0, =1.4.0 - biz.ne...
be.hobbiton.maven:linux-packaging-maven-plugin (>=1.0.0 <=1.1.2), biz.netcentric.aem.sysenvtools:apply-system-env-install-hook (>=1.2.0 <=1.2.3) +1031 more potentially affected by CVE-2025-58782 via org.apache.jackrabbit:jackrabbit-jcr-commons (>=1.1.1 <=2.22.1)
org.apache.jackrabbit:jackrabbit-jcr-commons MAVEN version =1.1.1, =1.0.0, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.8.0, =2.0.0, =2.5.0, =2.5.4, =2.5.4, =4.2.0, =1.0.0, =1.0.0, =1.2.1 - biz.netcentric.fil...
Deserialization of Untrusted Data
Overview org.apache.jackrabbit:jackrabbit-jcr-commons is a fully conforming implementation of the Content Repository for Java Technology API. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JCR lookup functionality. An attacker can execute arbitrary...
CVE-2025-58782
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
DEBIAN-CVE-2025-58782
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
CVE-2025-58782
CVE-2025-58782 affects Apache Jackrabbit Core (1.0.0–2.22.1) and Apache Jackrabbit JCR Commons (1.0.0–2.22.1). The issue is Deserialization of Untrusted Data triggered by accepting JNDI URIs for JCR lookup from untrusted users, which can lead to arbitrary code execution through deserialization of...
CVE-2025-58782 Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
CVE-2025-58782
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
CVE-2025-58782 Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
Apache Jackrabbit Core和Apache Jackrabbit JCR Commons 安全漏洞
Apache Jackrabbit Core and Apache Jackrabbit JCR Commons are both products of the Apache Foundation.Apache Jackrabbit Core is a content repository core.Apache Jackrabbit JCR Commons is a general-purpose tool library. A security vulnerability exists in Apache Jackrabbit Core versions 1.0.0 through...