53 matches found
CVE-2023-25141
Apache Sling JCR Base 3.1.12 has a critical injection vulnerability, when running on old JDK versions (JDK 1.8.191 or earlier), through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDN...
EUVD-2021-1005
Malware in sbrugna...
EUVD-2023-0711
Malicious code in bioql PyPI...
EUVD-2022-5587
Malicious code in bioql PyPI...
EUVD-2025-27118
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-58782
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0...
biz.netcentric.aem.sysenvtools:apply-system-env-install-hook (>=1.2.0 <=1.2.3), biz.netcentric.aem.sysenvtools:system-env-change-listener (>=1.2.0 <=1.2.3) +409 more potentially affected by CVE-2025-58782 via org.apache.jackrabbit:jackrabbit-jcr-commons (>=2.0-beta1 <=2.22.1)
org.apache.jackrabbit:jackrabbit-jcr-commons MAVEN version =2.0-beta1, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.8.0, =2.0.0, =2.5.0, =2.5.4, =2.5.4, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.4.1 - com.adobe.ac...
Deserialization of Untrusted Data
Overview org.apache.jackrabbit:jackrabbit-jcr-commons is a fully conforming implementation of the Content Repository for Java Technology API. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JCR lookup functionality. An attacker can execute arbitrary...
be.hobbiton.maven:linux-packaging-maven-plugin (>=1.0.0 <=1.1.2), biz.netcentric.aem.sysenvtools:apply-system-env-install-hook (>=1.2.0 <=1.2.3) +1030 more potentially affected by CVE-2025-58782 via org.apache.jackrabbit:jackrabbit-jcr-commons (>=1.1.1 <=2.22.1)
org.apache.jackrabbit:jackrabbit-jcr-commons MAVEN version =1.1.1, =1.0.0, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.8.0, =2.0.0, =2.5.0, =2.5.4, =2.5.4, =1.0.0, =1.0.0, =1.0.0, =1.4.0 - biz.netcentric.filevault.validator:aem-...
Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data
There is a Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup fr...
DEBIAN-CVE-2025-58782
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
CVE-2025-58782
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
CVE-2025-58782
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
UBUNTU-CVE-2025-58782
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
CVE-2025-58782
CVE-2025-58782 affects Apache Jackrabbit Core (1.0.0–2.22.1) and Apache Jackrabbit JCR Commons (1.0.0–2.22.1). The issue is Deserialization of Untrusted Data triggered by accepting JNDI URIs for JCR lookup from untrusted users, which can lead to arbitrary code execution through deserialization of...
CVE-2025-58782 Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
CVE-2025-58782
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...
Apache Jackrabbit Core and Apache Jackrabbit JCR Commons Security Vulnerability
Apache Jackrabbit Core and Apache Jackrabbit JCR Commons are both products of the Apache Foundation. Apache Jackrabbit Core is a content repository core. Apache Jackrabbit JCR Commons is a general-purpose tool library. A security vulnerability exists in Apache Jackrabbit Core versions 1.0.0 through...
MAL-2025-6734 Malicious code in jcr-hopper (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in jcr-hopper (npm)
The package communicates with a domain associated with malicious activity...