Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the SCRIPTSAFEPREEXEC definition in RangerRequestScriptEvaluator. An attacker can execute arbitrary OS commands by invoking scripts that rebuild the script context/engine e.g., via loadWithNewGlobal and...