This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HJoyent Json
APPJoyent< 10.0.0Oracle Commerce Guided Search
APPOracle11.3.2Oracle Financial Services Crime And Compliance Management Studio
APPOracle8.0.8.2.08.0.8.3.0Oracle Financial Services Regulatory Reporting With Agilereporter
APPOracle8.0.9.6.3Oracle Timesten In Memory Database
APPOracle< 21.1.1.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje
Powiązane podatności
CVE-2022-22947CRITICAL10.0⚠ KEVten sam produkt
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection ...
CVE-2018-1273CRITICAL9.8⚠ KEVten sam produkt
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain ...
CVE-2022-22978CRITICAL9.8ten sam produkt
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatc...
CVE-2021-41303CRITICAL9.8ten sam produkt
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may caus...
CVE-2019-12419CRITICAL9.8ten sam produkt
Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged O...