Total
142 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26092 | 1 Puzzle | 1 Liima | 2023-02-28 | N/A | 9.8 CRITICAL |
| Liima before 1.17.28 allows server-side template injection. | |||||
| CVE-2022-23504 | 1 Typo3 | 1 Typo3 | 2022-12-16 | N/A | 4.9 MEDIUM |
| TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. | |||||
| CVE-2020-10199 | 1 Sonatype | 1 Nexus | 2022-10-07 | 9.0 HIGH | 8.8 HIGH |
| Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). | |||||
| CVE-2022-23463 | 1 Nepxion | 1 Discovery | 2022-09-28 | N/A | 9.8 CRITICAL |
| Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as java.lang.Runtime, leading to Remote Code Execution. There is no patch available for this issue at time of publication. There are no known workarounds. | |||||
| CVE-2021-31805 | 1 Apache | 1 Struts | 2022-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation. | |||||
| CVE-2022-22980 | 1 Vmware | 1 Spring Data Mongodb | 2022-06-30 | 6.8 MEDIUM | 9.8 CRITICAL |
| A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized. | |||||
| CVE-2020-17530 | 2 Apache, Oracle | 8 Struts, Business Intelligence, Communications Diameter Intelligence Hub and 5 more | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25. | |||||
| CVE-2021-28170 | 3 Eclipse, Oracle, Quarkus | 4 Jakarta Expression Language, Communications Cloud Native Core Policy, Weblogic Server and 1 more | 2022-04-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | |||||
| CVE-2021-32834 | 1 Eclipse | 1 Keti | 2022-04-25 | 6.5 MEDIUM | 9.9 CRITICAL |
| Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063. | |||||
| CVE-2020-3956 | 2 Linux, Vmware | 3 Linux Kernel, Photon Os, Vcloud Director | 2021-12-13 | 6.5 MEDIUM | 8.8 HIGH |
| VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access. | |||||
| CVE-2020-15143 | 1 Sylius | 1 Syliusresourcebundle | 2021-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched. | |||||
| CVE-2020-15146 | 1 Sylius | 1 Syliusresourcebundle | 2021-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched. | |||||
| CVE-2020-26565 | 1 Objectplanet | 1 Opinio | 2021-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data. | |||||
| CVE-2019-9041 | 1 Zzzcms | 1 Zzzphp | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring. | |||||
| CVE-2020-7171 | 1 Hp | 1 Intelligent Management Center | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7172 | 1 Hp | 1 Intelligent Management Center | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-1959 | 1 Apache | 1 Syncope | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code. | |||||
| CVE-2020-7799 | 1 Fusionauth | 1 Fusionauth | 2021-07-21 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates. | |||||
| CVE-2020-9296 | 1 Netflix | 1 Conductor | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code. | |||||
| CVE-2019-12822 | 1 Embedthis | 1 Goahead | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. | |||||