Vulnerabilities (CVE)

Filtered by CWE-917
Total 135 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-23463 1 Nepxion 1 Discovery 2022-09-28 N/A 9.8 CRITICAL
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds.
CVE-2021-44228 11 Apache, Bentley, Cisco and 8 more 156 Log4j, Synchro, Synchro 4d and 153 more 2022-08-17 9.3 HIGH 10.0 CRITICAL
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVE-2021-31805 1 Apache 1 Struts 2022-07-25 7.5 HIGH 9.8 CRITICAL
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.
CVE-2020-10199 1 Sonatype 1 Nexus 2022-07-10 9.0 HIGH 8.8 HIGH
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CVE-2022-22980 1 Vmware 1 Spring Data Mongodb 2022-06-30 6.8 MEDIUM 9.8 CRITICAL
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
CVE-2020-17530 2 Apache, Oracle 8 Struts, Business Intelligence, Communications Diameter Intelligence Hub and 5 more 2022-06-03 7.5 HIGH 9.8 CRITICAL
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
CVE-2021-28170 3 Eclipse, Oracle, Quarkus 4 Jakarta Expression Language, Communications Cloud Native Core Policy, Weblogic Server and 1 more 2022-04-25 5.0 MEDIUM 5.3 MEDIUM
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
CVE-2021-32834 1 Eclipse 1 Keti 2022-04-25 6.5 MEDIUM 9.9 CRITICAL
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.
CVE-2020-3956 2 Linux, Vmware 3 Linux Kernel, Photon Os, Vcloud Director 2021-12-13 6.5 MEDIUM 8.8 HIGH
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.
CVE-2020-15143 1 Sylius 1 Syliusresourcebundle 2021-11-18 6.5 MEDIUM 8.8 HIGH
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.
CVE-2020-15146 1 Sylius 1 Syliusresourcebundle 2021-11-18 6.5 MEDIUM 8.8 HIGH
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.
CVE-2020-26565 1 Objectplanet 1 Opinio 2021-08-10 5.0 MEDIUM 7.5 HIGH
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.
CVE-2020-7779 1 Djvalidator Project 1 Djvalidator 2021-07-21 5.0 MEDIUM 7.5 HIGH
All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.
CVE-2020-7733 1 Ua-parser-js Project 1 Ua-parser-js 2021-07-21 5.0 MEDIUM 7.5 HIGH
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
CVE-2018-16621 1 Sonatype 1 Nexus Repository Manager 2021-03-04 6.5 MEDIUM 7.2 HIGH
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
CVE-2020-7142 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7141 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7143 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7144 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7145 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).