CVE-2021-41269
CVE-2021-41269 affects cron-utils, a Java library for parsing and migrating cron expressions. The issue is a template injection flaw in cron-utils that enables an attacker to inject arbitrary Java EL expressions, leading to unauthenticated remote code execution. The vulnerability affects versions...
CVE-2021-41269 Unauthenticated remote code injection in cron-utils
cron-utils is a Java library to define, parse, validate and migrate crons, as well as to get human-readable descriptions for them. In affected versions, a template injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code...
Debian DSA-5004-1 : libxstream-java - security update
The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5004 advisory. Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again. These vulnerabilities may allow...
NewStart CGSL CORE 5.04 / MAIN 5.04 : xstream Multiple Vulnerabilities (NS-SA-2021-0108)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xstream packages installed that are affected by multiple vulnerabilities: - XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a...
br.com.guiabolso:hyperloop-transport (>=3.0.1 <=3.0.2), com.eoniantech:secrets-locker (>=1.0 <=1.2) +8 more potentially affected by CVE-2020-8897 via com.amazonaws:aws-encryption-sdk-java (>=0.0.1 <=1.9.0)
com.amazonaws:aws-encryption-sdk-java MAVEN version =0.0.1, =3.0.1, =1.0, =2.3.2, =0.3.0, =2.8.0, =2.11.1 - org.apache.ignite:ignite-aws-ext =1.0.0 - org.dreamhorizon:vertx-cron =1.0.0 - software.amazon.cloudformation:aws-cloudformation-rpdk-java-plugin =2.0.12 Source cves: CVE-2020-8897 Source...
at.newmedialab.ldpath:ldpath-backend-jena (>=0.9.12 <=0.9.13), at.researchstudio.sat:won-core (>=0.2 <=0.9) +1065 more potentially affected by CVE-2021-39239 via org.apache.jena:jena-core (>=2.7.0-incubating <=4.1.0)
org.apache.jena:jena-core MAVEN version =2.7.0-incubating, =0.9.12, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.2, =0.9 - at.researchstudio.sat:won-owner =0.3 and more Source cves: CVE-2021-39239 Source advisory: OSV:GHSA-7RP6-W7MG-H8RW...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-discovery-server (>=0.5.0 <=0.5.24) +6134 more potentially affected by CVE-2021-39154 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.17)
com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =Finchley.SR4, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =0.3.3, =0.4.0, =0.4.2 and more Source cves: CVE-2021-39154 Source advisory: OSV:GHSA-6W62-HX7R-MW68...
XStream code issue vulnerability
XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or to deserialize them back to objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67825)
XStream is an open source Java class library that is mainly used to serialize objects to XML or JSON, or to deserialize them back to objects. XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DoS attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to get stuck and loop indefinitely until...
Input validation
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DoS attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to get stuck and loop indefinitely until...
CVE-2021-37714
CVE-2021-37714 affects jsoup (Java HTML parser) versions prior to 1.14.2. When parsing untrusted HTML/XML, the parser may loop, slow down, or throw exceptions, enabling a denial-of-service condition. A fix is available in jsoup 1.14.2. Workarounds include rate-limiting parsing input, capping inpu...
cn.regionsoft:ONE (=2.1.1), co.baiku.boot:ajavaer-cache (=0.3.0-RELEASES) +49 more potentially affected by CVE-2020-15522 via org.bouncycastle:bcprov-ext-jdk16 (>=1.45 <=1.46)
org.bouncycastle:bcprov-ext-jdk16 MAVEN version =1.45, =0.0.1-RELEASE, =0.0.1.RELEASE, =0.0.3.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.3.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.1.RELEASE, =0.0.9.RELEASE and more Source cves: CVE-2020-15522 Source advisor...
Debian: Security Advisory (DLA-2741-1)
The remote host is missing an update for the Debian...
Unspecified vulnerability in Ratpack (CNVD-2021-52414)
Ratpack is a Java library for building scalable HTTP applications. A security vulnerability exists in Ratpack versions prior to 1.9.0, which stems from a default configuration of a client session that results in unencrypted but signed data being set as a cookie value. An attacker could exploit th...
Unspecified vulnerability in Ratpack (CNVD-2021-52416)
Ratpack is a Java library for building scalable HTTP applications. A security vulnerability exists in Ratpack versions prior to 1.9.0, which can be exploited by an attacker to achieve remote code execution via a maliciously crafted chain of Java deserialization gadgets targeting Ratpack session...
XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the...
AZL-44931 CVE-2021-33813 affecting package jdom2 2.0.6-29
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request...
at.porscheinformatik.zanata:common (>=4.7.0 <=4.7.8), at.porscheinformatik.zanata:stub-server (>=4.7.0 <=4.7.8) +1348 more potentially affected by CVE-2020-10688 via org.jboss.resteasy:resteasy-jaxrs (>=3.0-beta-1 <=3.11.0.Final)
org.jboss.resteasy:resteasy-jaxrs MAVEN version =3.0-beta-1, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =4.7.0, =1.0.0, =1.1.9, =1.1.10 and more Source cves: CVE-2020-10688 Source advisory: SNYK:JAVA-ORGJBOSSRESTEASY-8706731...