29 matches found
EUVD-2021-1411
Malware in sbrugna...
CVE-2020-1959
A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution RCE vulnerability. Apache Syncope uses Java Bean Validation JSR 380 custom constraint validators. When...
CVE-2020-9297
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...
CVE-2023-42404
OneVision Workspace before WS23.1 SR1 build w31.040 allows arbitrary Java EL execution...
CVE-2023-42404
OneVision Workspace before WS23.1 SR1 build w31.040 allows arbitrary Java EL execution...
CVE-2023-42404
OneVision Workspace before WS23.1 SR1 build w31.040 allows arbitrary Java EL execution...
CVE-2023-42404
CVE-2023-42404 concerns OneVision Workspace prior to WS23.1 SR1 (build w31.040), where the underlying issue allows arbitrary Java EL execution. The connected sources consistently identify the affected product as OneVision Workspace and specify the vulnerable version range (pre-WS23.1 SR1, build w...
CVE-2020-11002
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution RCE vulnerability. If you a...
Template Injection
cron-utils is vulnerable to template injection. An attacker can inject arbitrary java EL expressions through the parse function in CronParser.java, leading to remote code execution...
Critical vulnerability found in cron-utils
Impact A Template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution RCE vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note, that only projects using the @Cron...
CVE-2021-41269
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions A template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code...
Remote code execution
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions A template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code...
CVE-2021-41269 Unauthenticated remote code injection in cron-utils
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions A template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code...
GHSA-VJQW-R3WW-WJ2W Expression Language Injection in Apache Syncope
A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution RCE vulnerability. Apache Syncope uses Java Bean Validation JSR 380 custom constraint validators. When...
Sonatype Nexus 3.21.1 Remote Code Execution
Exploit Title: Sonatype Nexus 3.21.1 - Remote Code Execution Authenticated Exploit Author: 1F98D Original Author: Alvaro Muñoz Date: 27 May 2020 Vendor Hompage: https://www.sonatype.com/ CVE: CVE-2020-10199 Tested on: Windows 10 x64 References:...
Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
Exploit Title: Sonatype Nexus 3.21.1 - Remote Code Execution Authenticated Exploit Author: 1F98D Original Author: Alvaro Muñoz Date: 27 May 2020 Vendor Hompage: https://www.sonatype.com/ CVE: CVE-2020-10199 Tested on: Windows 10 x64 References:...
Remote Code Execution (RCE)
BrowserUp Proxy is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by injecting arbitrary Java EL expressions into the server-side template...
Template Injection
cron-utils is vulnerable to a template Injection vulnerability. The use of cron-utils with @Cron annotation allows an attacker to inject malicious Java EL expressions as it does not properly validate the untrusted Cron expressions, leading to a remote code execution...
Template injection in cron-utils
Impact A Template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution RCE vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note, that only projects using the @Cron...
Cron Utils Injection Vulnerability
Cron Utils is a Java codebase for authenticating, parsing, and migrating Cron expressions from the individual developers at Jmrozanec. An injection vulnerability exists in Cron-utils versions prior to 9.1.3, which can be exploited by an attacker to be able to inject arbitrary Java EL expressions,...