4 matches found
EUVD-2023-0711
Malicious code in bioql PyPI...
Command Injection
org.apache.sling:org.apache.sling.jcr.base is vulnerable to Command Injection. The vulnerability exists in the getRepository and getRepositoryFromURL functions of RepositoryAccessor.java because it allows a remote attacker to access data stored in a remote location via JNDI or RMI. An application...
Command injection in Apache Sling
Apache Sling JCR Base 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDN...
CVE-2023-25141 JNDI injection into Apache sling-org-apache-sling-jcr-base
Apache Sling JCR Base 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDN...