2 matches found
CVE-2020-11975
CVE-2020-11975 affects Apache Unomi. The connected documents confirm OGNL-based injection in conditions that can call static Java classes, enabling arbitrary code execution with the Java process’s privileges. This is described as a remote code execution vector and is exploitable through OGNL (and...
CVE-2021-31164
CVE-2021-31164 concerns Apache Unomi prior to version 1.5.5, where CRLF log injection is possible due to lack of escaping in log statements. Multiple sources (NVD, RH, OSV, CNVD/CNNVD, CVE lists) confirm the issue and correlate it with a pre-1.5.5 release. The vulnerability arises from improper h...