oss-sec mailing list archives
CVE-2020-13942: Remote Code Execution in Apache Unomi
From: Serge Huber <shuber () apache org>
Date: Tue, 24 Nov 2020 18:12:36 +0100
Description: It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem.

References: http://unomi.apache.org./security/cve-2020-13942.txt