CVE-2023-25141
CVE-2023-25141 concerns Apache Sling JCR Base versions prior to 3.1.12. The issue is a critical injection vulnerability in RepositoryAccessor functions getRepository and getRepositoryFromURL, which allow a remote attacker to access data via JNDI and RMI when running on older JDKs (1.8.191 or earl...