16 matches found
CVE-2022-23330
A remote code execution RCE vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package...
Remote code execution
A remote code execution RCE vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package...
CVE-2022-23330
A remote code execution RCE vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package...
CVE-2022-23330
CVE-2022-23330 affects jpress v4.2.0, specifically the HelloWorldAddonController.java component. The vulnerability allows remote code execution by supplying a crafted JAR package, enabling an attacker to run arbitrary code on the affected system. The connected Red Hat, NVD, OSV, and related recor...
CVE-2022-23330
A remote code execution RCE vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package...
CVE-2021-45808
jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server...
CVE-2021-45808
jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server...
CVE-2021-45808
jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server...
CVE-2021-45808
CVE-2021-45808 affects Jpress v4.2.0. Connected sources describe a file-upload vulnerability enabled by default account registration, allowing upload of arbitrary files to the server and potential remote code execution. No explicit remediation or patch details are provided in the supplied documen...
CVE-2021-45807
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin.AddonController::doUploadAndInstall...
CVE-2021-45807
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin.AddonController::doUploadAndInstall...
CVE-2021-45807
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin.AddonController::doUploadAndInstall...
CVE-2021-45806
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code...
CVE-2021-45806
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code...
CVE-2021-45806
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code...
CVE-2021-45806
CVE-2021-45806 affects jpress v4.2.0: the admin panel exposes a function that allows attackers to modify templates and inject malicious code. The reported impact is malicious code injection via template modification, but the provided documents do not specify the exact root cause, vulnerable compo...