3 matches found
EUVD-2022-7591
Malicious code in bioql PyPI...
GHSA-C2P4-8MVV-RWMV Apache Karaf vulnerable to potential code injection
This vulnerability is a potential code injection when an attacker has control of the target LDAP server used in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource uses InitialContext.lookup(jndiName) without filtering. A...
Apache Karaf security vulnerability
Apache Karaf is a lightweight OSGi-based Java dynamic modular system container from the Apache Foundation for deploying applications and components. A security vulnerability exists in Apache Karaf versions prior to 4.3.8 and 4.4.x prior to 4.4.2, which stems from the use of JNDI LDAP data URIs configur...