Lucene search
K

7 matches found

Snyk
Snyk
added 2025/09/08 9:31 a.m.3 views

Deserialization of Untrusted Data

Overview org.apache.jackrabbit:jackrabbit-jcr-commons is a fully conforming implementation of the Content Repository for Java Technology API. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JCR lookup functionality. An attacker can execute arbitrary...

6.9CVSS7.8AI score0.01286EPSS
Exploits0References2
OSV
OSV
added 2025/09/08 9:31 a.m.3 views

GHSA-CXVC-G8F2-4GMM Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data

There is a serialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup fr...

6.5CVSS6.3AI score0.01286EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/09/08 9:31 a.m.11 views

Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data

There is a serialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup fr...

6.5CVSS8.1AI score0.01286EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2025/09/08 9:15 a.m.3 views

DEBIAN-CVE-2025-58782

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...

6.5CVSS6.7AI score0.01286EPSS
Exploits0References1
OSV
OSV
added 2025/09/08 9:15 a.m.5 views

CVE-2025-58782

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...

6.5CVSS8.1AI score
Exploits0References2
OSV
OSV
added 2025/09/08 9:15 a.m.3 views

UBUNTU-CVE-2025-58782

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...

6.5CVSS6.4AI score0.01286EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/09/08 8:53 a.m.8 views

CVE-2025-58782 Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory

Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup from...

0.01286EPSS
Exploits0References1
Rows per page
Query Builder