3 matches found
CVE-2020-11975
CVE-2020-11975 affects Apache Unomi. The connected documents confirm OGNL-based injection in conditions that can call static Java classes, enabling arbitrary code execution with the Java process’s privileges. This is described as a remote code execution vector and is exploitable through OGNL (and...
CVE-2020-13942
CVE-2020-13942 affects Apache Unomi before 1.5.2, where OGNL/MVEL-based input could lead to remote code execution via the /context.json endpoint. The root cause is unsafely evaluating scripting expressions in conditions, allowing an attacker to invoke Java classes and functions; multiple public P...
CVE-2021-31164
CVE-2021-31164 concerns Apache Unomi prior to version 1.5.5, where CRLF log injection is possible due to lack of escaping in log statements. Multiple sources (NVD, RH, OSV, CNVD/CNNVD, CVE lists) confirm the issue and correlate it with a pre-1.5.5 release. The vulnerability arises from improper h...