Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-917
Total 142 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-26092 1 Puzzle 1 Liima 2023-02-28 N/A 9.8 CRITICAL
Liima before 1.17.28 allows server-side template injection.
CVE-2022-23504 1 Typo3 1 Typo3 2022-12-16 N/A 4.9 MEDIUM
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
CVE-2020-10199 1 Sonatype 1 Nexus 2022-10-07 9.0 HIGH 8.8 HIGH
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CVE-2022-23463 1 Nepxion 1 Discovery 2022-09-28 N/A 9.8 CRITICAL
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds.
CVE-2021-31805 1 Apache 1 Struts 2022-07-25 7.5 HIGH 9.8 CRITICAL
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.
CVE-2022-22980 1 Vmware 1 Spring Data Mongodb 2022-06-30 6.8 MEDIUM 9.8 CRITICAL
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
CVE-2020-17530 2 Apache, Oracle 8 Struts, Business Intelligence, Communications Diameter Intelligence Hub and 5 more 2022-06-03 7.5 HIGH 9.8 CRITICAL
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
CVE-2021-28170 3 Eclipse, Oracle, Quarkus 4 Jakarta Expression Language, Communications Cloud Native Core Policy, Weblogic Server and 1 more 2022-04-25 5.0 MEDIUM 5.3 MEDIUM
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
CVE-2021-32834 1 Eclipse 1 Keti 2022-04-25 6.5 MEDIUM 9.9 CRITICAL
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.
CVE-2020-3956 2 Linux, Vmware 3 Linux Kernel, Photon Os, Vcloud Director 2021-12-13 6.5 MEDIUM 8.8 HIGH
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.
CVE-2020-15143 1 Sylius 1 Syliusresourcebundle 2021-11-18 6.5 MEDIUM 8.8 HIGH
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.
CVE-2020-15146 1 Sylius 1 Syliusresourcebundle 2021-11-18 6.5 MEDIUM 8.8 HIGH
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.
CVE-2020-26565 1 Objectplanet 1 Opinio 2021-08-09 5.0 MEDIUM 7.5 HIGH
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.
CVE-2019-9041 1 Zzzcms 1 Zzzphp 2021-07-21 6.5 MEDIUM 7.2 HIGH
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.
CVE-2020-7171 1 Hp 1 Intelligent Management Center 2021-07-21 10.0 HIGH 9.8 CRITICAL
A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7172 1 Hp 1 Intelligent Management Center 2021-07-21 10.0 HIGH 9.8 CRITICAL
A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-1959 1 Apache 1 Syncope 2021-07-21 7.5 HIGH 9.8 CRITICAL
A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code.
CVE-2020-7799 1 Fusionauth 1 Fusionauth 2021-07-21 9.0 HIGH 7.2 HIGH
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.
CVE-2020-9296 1 Netflix 1 Conductor 2021-07-21 7.5 HIGH 9.8 CRITICAL
Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code.
CVE-2019-12822 1 Embedthis 1 Goahead 2021-07-21 5.0 MEDIUM 7.5 HIGH
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.