460 matches found
Jms Blog - SQL Injection
The module Jms Blog jmsblog from Joommasters contains a Time Based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes id: CVE-2023-27034 info: name: Jms Blog - SQL Injection author: MaStErChO severity: critical...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18.1.P1 for Spring Boot release.
Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Remote Code Execution via untrusted JMS configuration
A flaw was found in Apache CXF. Untrusted users, if allowed to configure Java Message Service JMS for Apache CXF, can exploit this vulnerability to achieve remote code execution RCE. This issue arises from an incomplete fix for a prior security flaw, indicating an alternative path that could lead...
CVE-2026-43866 Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder
Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...
CVE-2026-43866 Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder
Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...
CVE-2026-42527
CVE-2026-42527 describes a deserialization of untrusted data in Apache Camel. A permissive default ObjectInputFilter pattern (covering java., javax. , org.apache.camel.**) can serialize HashMap-like structures containing java.net.URL keys, causing DNS lookups as a side-channel via hashCode/equals...
EUVD-2026-41825
Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering 'java.;javax.;org.apache.camel.;!', or the no-'javax.' variant in the aggregation-repository component...
CVE-2026-42527 Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosure
Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering 'java.;javax.;org.apache.camel.;!', or the no-'javax.' variant in the aggregation-repository component...
PT-2026-55883
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.14.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists where the default ObjectInputFilter pattern used for deserialization filtering in...
PT-2026-55885
Name of the Vulnerable Software and Affected Versions Apache Camel versions 3.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An issue exists in the Apache Camel JMS component where the JmsBinding.extractBodyFromJms function i...
Apache CXF < 4.1.7 / 4.2.x < 4.2.2 Multiple Vulnerabilities
The version of Apache CXF installed on the remote host is prior to 4.1.7 or 4.2.x prior to 4.2.2. It is, therefore, affected by multiple vulnerabilities, including: - A JNDI Injection vulnerability in the JCA integration module allows code execution if an attacker can manipulate the JCA deploymen...
Improper Validation of Specified Type of Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the JMSConfigFactory method. An attacker can execute arbitrary code by supplying untrusted JMS configuration data. Remediation Upgrade org.apache.cxf:cxf-rt-transports-jms to version...
CVE-2026-50632
A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...
CVE-2026-50632 Apache CXF: JNDI Injection Vulnerability in JMSConfigFactory
A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...
CVE-2026-50632
CVE-2026-50632 : Apache CXF exposes a JNDI Injection vulnerability in the JMSConfigFactory. The issue arises when untrusted users configure JMS, potentially allowing code execution. Affected versions are addressed by upgrades to 4.2.2 or 4.1.7. The NVD/CVEs and related feeds document this as a co...
Spring Framework 5.3.x < 5.3.49 / 6.1.x < 6.1.28 / 6.2.x < 6.2.18.1 / 7.0.x < 7.0.7.1 Multiple Vulnerabilities
The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.49, 6.1.x prior to 6.1.28, 6.2.x prior to 6.2.18.1, or 7.0.x prior to 7.0.7.1. It is, therefore, affected by multiple vulnerabilities: - IDs for WebSocket sessions in the spring-websocket module are not...
CVE-2026-41855
In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization. Affect...
VMware Spring Framework 代码问题漏洞
VMware Spring Framework is an open-source Java and JavaEE application framework developed by VMware, Inc. This framework helps developers build high-quality applications. Versions of the VMware Spring Framework prior to 7.0.0, 6.2.0, 6.1.0, and 5.3.0 contain code vulnerabilities. These...
Linux Distros Unpatched Vulnerability : CVE-2026-41855
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and...
Deserialization of Untrusted Data
Overview org.springframework:spring-jms is a maven plugin for Spring JMS. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via deserialization in MappingJackson2MessageConverter and JacksonJsonMessageConverter within an untrusted JMS environment. An attacker c...