The XPath expression can be used by an attacker to load any Java class from the classpath, resulting in code execution. Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. All JXPathContext class functions processing an XPath string are vulnerable except the compile() and compilePath() functions. Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. As of this release, the inputted strings are properly escaped when rendered. In particular, the end-user could enter JavaScript or similar and this would be executed. Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. Go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function.