80 matches found
Deserialization of untrusted data
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
CVE-2023-24621
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
CVE-2023-24621
CVE-2023-24621 concerns Esoteric YamlBeans up to version 1.15, where untrusted deserialization to Java classes is possible by default because the data and class are controlled by the author of the YAML document. The public descriptions consistently describe this as a deserialization vulnerability...
PT-2023-19713 · Unknown · Esoteric Yamlbeans
Name of the Vulnerable Software and Affected Versions: Esoteric YamlBeans versions through 1.15 Description: An issue was discovered in Esoteric YamlBeans that allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document...
CVE-2023-24621
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed...
Esoteric Software YamlBeans 代码问题漏洞
YamlBeans is an open source library from Esoteric Software. Can easily Java object graph with YAML. A security vulnerability exists in Esoteric Software YamlBeans 1.15 and earlier versions that stems from allowing untrusted deserialization of Java classes...
Pentaho Business Server Authentication Bypass / SSTI / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pentaho Business Server Auth Bypass and Server Side Template Injection RCE', 'Description' = %q Hitachi Vantara Pentaho Business Analytics Server...
ROS-20221103-03
A vulnerability in the Apache Batik XML SVG graphics rendering, generation, and management library is related to the fact that, the application allows Java classes to be run via JavaScript. Exploitation of the vulnerability could allow an attacker acting remotely to use JavaScript to execute a Ja...
GHSA-Q979-9M39-23MQ Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...
Design/Logic Flaw
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...
CVE-2022-23463 SpEL Injection in Nepxion Discovery
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...
GHSA-V6FQ-Q792-J46J Improper Input Validation in Apache Unomi
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...
Improper Input Validation in Apache Unomi
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...
Crafter CMS Code Execution Vulnerability
Crafter CMS is an open source content management system CMS for digital experience applications.A code execution vulnerability exists in Crafter CMS, which stems from a web-based system or product that does not properly authenticate incoming data. An authenticated attacker could modify the main...
Crafter CMS 安全漏洞
Crafter CMS is an open source content management system CMS for digital experience applications.A code execution vulnerability exists in Crafter CMS, which stems from a web-based system or product that does not properly authenticate incoming data. An authenticated attacker could modify the main...
Open-xchange OX App Suite Code Injection Vulnerability
Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A code injection vulnerability exists in Open-xchange OX App Suite, which can be exploited by attacker...
CVE-2021-33493
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format...
CVE-2021-33493
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format...
CVE-2021-33493
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format...
VulnCheck KEV: CVE-2020-11975
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...