Total
164 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-7552 | 1 Datagear | 1 Datagear | 2024-08-07 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of special elements used in an expression language statement. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273697 was assigned to this vulnerability. | |||||
CVE-2024-5828 | 2024-08-06 | N/A | 8.6 HIGH | ||
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00. | |||||
CVE-2010-1871 | 2 Netapp, Redhat | 5 Oncommand Balance, Oncommand Insight, Oncommand Unified Manager and 2 more | 2024-07-24 | 6.8 MEDIUM | 8.8 HIGH |
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured. | |||||
CVE-2022-26134 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-06-28 | 7.5 HIGH | 9.8 CRITICAL |
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. | |||||
CVE-2022-22963 | 2 Oracle, Vmware | 28 Banking Branch, Banking Cash Management, Banking Corporate Lending Process Management and 25 more | 2024-06-28 | 7.5 HIGH | 9.8 CRITICAL |
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | |||||
CVE-2021-45046 | 6 Apache, Debian, Fedoraproject and 3 more | 61 Log4j, Debian Linux, Fedora and 58 more | 2024-06-27 | 5.1 MEDIUM | 9.0 CRITICAL |
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. | |||||
CVE-2023-20863 | 1 Vmware | 1 Spring Framework | 2024-06-10 | N/A | 6.5 MEDIUM |
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | |||||
CVE-2024-4286 | 2024-05-28 | N/A | 4.9 MEDIUM | ||
Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id `57984fa85c31988b2eff429adfc654c46e0c342a`. The vulnerability arises from the application's handling of user modifications by managers or admins, allowing for the modification of all existing attributes of the `user` database entity without proper checks or sanitization. This flaw can be exploited to delete user threads, denying users access to their previously submitted data, or to inject fake threads and/or chat history for social engineering attacks. | |||||
CVE-2023-51593 | 2024-05-03 | N/A | 9.8 CRITICAL | ||
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Struts2 dependency. The issue results from the use of a library that is vulnerable to expression language injection. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22095. | |||||
CVE-2022-42009 | 1 Apache | 1 Ambari | 2024-02-28 | N/A | 8.8 HIGH |
SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. | |||||
CVE-2022-4146 | 4 Hitachi, Linux, Microsoft and 1 more | 4 Replication Manager, Linux Kernel, Windows and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02. | |||||
CVE-2022-45855 | 1 Apache | 1 Ambari | 2024-02-28 | N/A | 8.8 HIGH |
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. | |||||
CVE-2023-41331 | 1 Sofastack | 1 Sofarpc | 2024-02-28 | N/A | 9.8 CRITICAL |
SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out dangerous classes encountered during the deserialization process. However, the blacklist is not comprehensive, and an actor can exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI injection or system command execution attacks. Version 5.11.0 contains a fix for this issue. As a workaround, users can add `-Drpc_serialize_blacklist_override=javax.sound.sampled.AudioFileFormat` to the blacklist. | |||||
CVE-2023-22665 | 1 Apache | 1 Jena | 2024-02-28 | N/A | 5.4 MEDIUM |
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query. | |||||
CVE-2023-32200 | 1 Apache | 1 Jena | 2024-02-28 | N/A | 8.8 HIGH |
There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0. | |||||
CVE-2023-27821 | 1 Databasir | 1 Databasir | 2024-02-28 | N/A | 9.8 CRITICAL |
Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter. | |||||
CVE-2022-23504 | 1 Typo3 | 1 Typo3 | 2024-02-28 | N/A | 4.9 MEDIUM |
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. | |||||
CVE-2023-26092 | 1 Puzzle | 1 Liima | 2024-02-28 | N/A | 9.8 CRITICAL |
Liima before 1.17.28 allows server-side template injection. | |||||
CVE-2022-34466 | 1 Mendix | 1 Mendix | 2024-02-28 | 3.5 LOW | 6.5 MEDIUM |
A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running applications. The vulnerability could allow a malicious user to leak sensitive information in a certain configuration. | |||||
CVE-2022-23463 | 1 Nepxion | 1 Discovery | 2024-02-28 | N/A | 9.8 CRITICAL |
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds. |