Lucene search

63 matches found

Positive Technologies
added 2025/04/28 12:0 a.m. · 3 views

PT-2025-18091 · Onevision · Onevision Workspace

Name of the Vulnerable Software and Affected Versions: OneVision Workspace versions prior to WS23.1 SR1 build w31.040 Description: The issue allows for arbitrary Java EL execution. This means that an attacker could potentially execute malicious Java Expression Language code, leading to unauthoriz...

9.8 CVSS · 6.8 AI score · 0.00437 EPSS
Exploits 0 · References 6
RedhatCVE
added 2025/02/05 3:37 p.m. · 9 views

CVE-2020-5245

Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...

9 CVSS · 7.2 AI score · 0.06001 EPSS
Exploits 1
Metasploit
added 2024/12/07 6:54 p.m. · 998 views

Primefaces Remote Code Execution Exploit

This module exploits a Java Expression Language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt. Tested against Docker...

9.8 CVSS · 9.9 AI score · 0.93884 EPSS
Exploits 6
Veracode
added 2024/01/03 10:41 a.m. · 11 views

Code Injection

ShifuML is vulnerable to Code Injection. The vulnerability is due to improper handling of the FilterExpression argument within the Java Expression Language Handler in the src/main/java/ml/shifu/shifu/core/DataPurifier.java file. This issue can be exploited by an attacker by manipulating the...

8.1 CVSS · 7.1 AI score · 0.00117 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2023/12/29 3:30 a.m. · 0 views

GHSA-5FPQ-3C9P-3R3W ShifuML shifu code injection vulnerability

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

5 CVSS · 5.5 AI score · 0.00117 EPSS
Exploits 1 · References 6
Github Security Blog
added 2023/12/29 3:30 a.m. · 16 views

ShifuML shifu code injection vulnerability

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

8.1 CVSS · 7.8 AI score · 0.00117 EPSS
Exploits 1 · References 6 · Affected Software 1
NVD
added 2023/12/29 3:15 a.m. · 14 views

CVE-2023-7148

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

8.1 CVSS · 0.00117 EPSS
Exploits 1 · References 3
CVE
added 2023/12/29 3:0 a.m. · 35 views

CVE-2023-7148

Summary of CVE-2023-7148 (ShifuML Shifu 0.12.0): The vulnerability affects the Java Expression Language Handler, specifically the file src/main/java/ml/shifu/shifu/core/DataPurifier.java, where manipulation of the FilterExpression argument enables code injection. This can be exploited remotely; ...

8.1 CVSS · 6.8 AI score · 0.00117 EPSS
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2023/12/28 12:0 a.m. · 3 views

PT-2023-32909 · Unknown · Shifuml Shifu

Name of the Vulnerable Software and Affected Versions: ShifuML shifu version 0.12.0 Description: A critical vulnerability has been found in the Java Expression Language Handler component, specifically in the file src/main/java/ml/shifu/shifu/core/DataPurifier.java. The manipulation of the...

8.1 CVSS · 5.8 AI score · 0.00117 EPSS
Exploits 1 · References 11
VulnCheck KEV
added 2023/11/30 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2021-21479

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system...

9.1 CVSS · 7.3 AI score · 0.78218 EPSS
Exploits 0 · References 1
RedHat Linux
added 2022/10/06 12:26 p.m. · 2 views

cron-utils: template Injection leading to unauthenticated Remote Code Execution

A flaw was found in cron-utils. This flaw allows an attacker to perform unauthenticated Remote Code Execution (RCE) via Java Expression Language (EL) injection...

10 CVSS · 7.4 AI score · 0.01885 EPSS
Exploits 1 · References 4
RedHat Linux
added 2022/03/22 3:33 p.m. · 1 views

cron-utils: template Injection leading to unauthenticated Remote Code Execution

A flaw was found in cron-utils. This flaw allows an attacker to perform unauthenticated Remote Code Execution (RCE) via Java Expression Language (EL) injection...

10 CVSS · 7.4 AI score · 0.01885 EPSS
Exploits 1 · References 4
CNNVD
added 2021/11/15 12:0 a.m. · 2 views

Cron Utils code injection vulnerability

Cron Utils is a Java code base by individual developer Jmrozanec for validating, parsing, and migrating Cron expressions. A code injection vulnerability exists in Cron Utils that allows an attacker to inject arbitrary Java EL expressions to execute remote code...

10 CVSS · 8.9 AI score · 0.01885 EPSS
Exploits 1 · References 10
RedHat Linux
added 2021/08/18 9:54 a.m. · 0 views

cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution

A flaw was found in cron-utils. End applications passing unsanitized user input which is subsequently parsed by the @Cron annotation can allow an attacker to execute arbitrary expressions using JavaEL which will be implicitly executed by the constraint validator. The highest threat from this...

8.1 CVSS · 7.5 AI score · 0.09965 EPSS
Exploits 1 · References 4
RedHat Linux
added 2021/08/18 9:13 a.m. · 1 views

cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution

A flaw was found in cron-utils. End applications passing unsanitized user input which is subsequently parsed by the @Cron annotation can allow an attacker to execute arbitrary expressions using JavaEL which will be implicitly executed by the constraint validator. The highest threat from this...

8.1 CVSS · 7.5 AI score · 0.09965 EPSS
Exploits 1 · References 4
RedHat Linux
added 2021/03/29 11:12 a.m. · 1 views

cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution

A flaw was found in cron-utils. End applications passing unsanitized user input which is subsequently parsed by the @Cron annotation can allow an attacker to execute arbitrary expressions using JavaEL which will be implicitly executed by the constraint validator. The highest threat from this...

8.1 CVSS · 7.5 AI score · 0.09965 EPSS
Exploits 1 · References 4
Github Security Blog
added 2021/02/10 2:31 a.m. · 75 views

Remote Code Execution in SCIMono

Impact: It is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system. Patches: The issue was fixed on 0.0.19 version...

9.1 CVSS · 6 AI score · 0.78218 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2021/02/10 2:31 a.m. · 2 views

GHSA-29Q4-GXJQ-RX5C Remote Code Execution in SCIMono

Impact: It is possible for attacker to inject and execute java expression and compromising the availability and integrity of the system. Patches: The issue was fixed on 0.0.19 version...

9.1 CVSS · 6 AI score · 0.78218 EPSS
Exploits 0 · References 4
NVD
added 2021/02/09 9:15 p.m. · 9 views

CVE-2021-21479

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system...

9.1 CVSS · 0.78218 EPSS
Exploits 0 · References 1
Cvelist
added 2021/02/09 8:49 p.m. · 7 views

CVE-2021-21479

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system...

8.1 CVSS · 9.5 AI score · 0.78218 EPSS
Exploits 0 · References 1