CVE-2020-13942: Remote Code Execution in Apache Unomi

[Serge Huber <shuber () apache org>]

Description:

It is possible to inject malicious OGNL or MVEL scripts into the
/context.json public endpoint. This was partially fixed in 1.5.1 but a
new attack vector was found. In version 1.5.2 scripts are now
completely filtered from the input. It is highly recommended to
upgrade to the latest available version of the 1.5.x release to fix
this problem.
References:

http://unomi.apache.org./security/cve-2020-13942.txt