CNVD (China National Vulnerability Database): CNVD-2023-25933
History: Feb 17, 2023 - 12:00 a.m.

Apache Sling JNDI Injection Vulnerability

2023-02-17 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
apache sling
jndi injection
vulnerability
java platform
apache foundation
jsr-170-compliant
apache jackrabbit
validation
input data
remote locations
jndi
rmi
cnvd

EPSS: 0.001 (Low)

Percentile: 38.4%

Apache Sling is an open source Web framework for the Java platform from the Apache Foundation, designed to create content-centric applications on JSR-170-compliant content repositories such as Apache Jackrabbit. A JNDI injection vulnerability exists in versions of Apache Sling JCR Base prior to 3.1.12. The vulnerability stems from the lack of proper validation of the jndiName variable for the input data, which can be exploited by attackers to ... The vulnerability allows applications to access data stored in remote locations via JNDI and RMI through the functions getRepository and getRepositoryFromURL.

| CPE | Name | Operator | Version |
| --- | --- | --- | --- |
| apache | apache sling | lt | 3.1.12 |
