62 matches found
CVE-2026-32301
Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery SSRF when configured with a dynamic JWKS endpoint URL using template variables e.g. tenant. An unauthenticated attacker can craft a JWT with a malicious iss or...
EUVD-2022-2644
Malicious code in bioql PyPI...
CVE-2018-20885
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation SEC-416...
CVE-2019-10362
Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables...
CVE-2013-4457
The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
RHEL 8 : Satellite 6.12.1 Async Security Update (Critical) (RHSA-2023:0261)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0261 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
RHCOS 4 : OpenShift Container Platform 4.10.56 (RHSA-2023:1655)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1655 advisory. - kube-apiserver: Aggregated API server can cause clients to be redirected SSRF CVE-2022-3172 - spring-security-oauth2-client:...
RHCOS 4 : OpenShift Container Platform 4.9.59 (RHSA-2023:1524)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1524 advisory. - apache-commons-text: variable interpolation RCE CVE-2022-42889 Note that Nessus has not tested for this issue but has instead relied only o...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...