3 matches found
EUVD-2023-0711
Malicious code in bioql PyPI...
Design/Logic Flaw
Apache Sling JCR Base 3.1.12 has a critical injection vulnerability when running on old JDK versions JDK 1.8.191 or earlier through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDN...
CVE-2023-25141 JNDI injection into Apache sling-org-apache-sling-jcr-base
Apache Sling JCR Base 3.1.12 has a critical injection vulnerability when running on old JDK versions JDK 1.8.191 or earlier through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDN...