Lucene search
GitHub Advisory DatabaseGHSA-WRX5-RP7M-MM49HistoryOct 06, 2022 - 6:52 p.m.
Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions
2022-10-0618:52:05
CWE-470
GitHub Advisory Database
github.com
15
jxpath
remote code execution
xpath expressions
This advisory has been withdrawn due to the CVE being rejected.
Original advisory text
Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution.
Affected configurations
Node
apachecommons_jxpathRange≤1.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| commons-jxpath:commons-jxpath | le | 1.3 |
References
Related
cve
cve
CVE-2022-41852
2022-10-06 18:17:05
cvelist
cvelist
CVE-2022-41852
1976-01-01 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-10-12 10:01:17
nvd
nvd
CVE-2022-41852
2022-10-06 18:17:05
githubexploit
githubexploit
Exploit for CVE-2022-41852
2022-10-14 12:09:19
osv
osv
JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions
2022-10-06 18:52:05
Remote Code Execution (RCE) vulnerability in geoserver
2024-07-01 20:34:50
redhatcve
redhatcve
CVE-2022-41852
2022-10-19 12:17:59
debiancve
debiancve
CVE-2022-41852
2022-10-06 18:17:00
ubuntucve
ubuntucve
github
github
Remote Code Execution (RCE) vulnerability in geoserver
2024-07-01 20:34:50
ibm
ibm
redhat
redhat
Related for GHSA-WRX5-RP7M-MM49