Apache Sling is an open source Web framework for the Java platform from the Apache Foundation, designed to create content-centric applications on JSR-170-compliant content repositories such as Apache Jackrabbit. A JNDI injection vulnerability exists in versions prior to Apache Sling JCR Base 3.1.12. The vulnerability stems from the lack of proper validation of the jndiName variable in input data, which attackers can exploit: it allows applications to access data stored in remote locations via JNDI and RMI through the functions getRepository and getRepositoryFromURL.
CPE | Name | Operator | Version |
---|---|---|---|
apache apache sling | lt | 3.1.12 |
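
One way to supply the missing jndiName validation before a lookup, as an added example (not Apache Sling's code and not its actual fix). The class `JndiNameGuard`, its methods and the `java:`-only allowlist are assumptions for illustration, and the sample names are constructed.

```java
import java.util.regex.Pattern;
import javax.naming.InitialContext;
import javax.naming.NamingException;

// Hypothetical helper, not a Sling API: validates a JNDI name before any lookup.
public final class JndiNameGuard {
    // Assumption: the application only needs container-local bindings, so the
    // only accepted form is java:<namespace>/<path> with a plain path.
    private static final Pattern LOCAL_NAME =
        Pattern.compile("java:(comp|global|app|module)/[A-Za-z0-9_./-]+");

    /** True only when the whole name matches the local allowlist. */
    public static boolean isLocalName(String jndiName) {
        // matches() anchors at both ends, so rmi:, ldap:, iiop:, dns: and
        // scheme-less names resolved against a provider URL are all refused.
        return jndiName != null && LOCAL_NAME.matcher(jndiName).matches();
    }

    /** Performs the lookup only after the name has passed validation. */
    public static Object lookup(String jndiName) throws NamingException {
        if (!isLocalName(jndiName)) {
            throw new NamingException("refusing JNDI lookup of non-local name");
        }
        InitialContext ctx = new InitialContext();
        try {
            return ctx.lookup(jndiName);
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; only the first is accepted.
        String[] samples = {
            "java:comp/env/jcr/repository",
            "rmi://host.example:1099/repository",
            "ldap://host.example/cn=repository",
            "jcr/repository",
            " java:comp/env/jcr/repository",
            null
        };
        for (String s : samples) {
            System.out.printf("%-40s %s%n", s, isLocalName(s) ? "allowed" : "rejected");
        }
    }
}
```

The check is an allowlist rather than a blocklist of remote schemes, so a name is refused unless it is positively recognised as local.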