CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.087 Low
Percentile: 94.6%
org.apache.jackrabbit:jackrabbit-standalone, jackrabbit-standalone-components and jackrabbit-webapp are vulnerable to Remote Code Execution (RCE). Use of the component commons-beanutils, which contains a class that can be used for remote code execution over RMI, allows an attacker to upload and execute malicious code on the system.
seclists.org/fulldisclosure/2023/Jul/43
www.openwall.com/lists/oss-security/2023/07/25/8
github.com/advisories/GHSA-q8cm-3v62-jj79
github.com/apache/jackrabbit/commit/39173c683fb6a327c7a3a3bf7ed040168f27580f
github.com/apache/jackrabbit/commit/8a5df9df003240f0ffb045f6c8f86a8d6493129a
lists.apache.org/[email protected]
lists.apache.org/thread/j03b3qdhborc2jrhdc4d765d3jkh8bfw