Lucene search
GoogleOSV:GHSA-2GH6-WC3M-G37FHistorySep 17, 2024 - 7:29 p.m.
hermes-management is vulnerable to RCE due to Apache commons-jxpath
2024-09-1719:29:24
Google
osv.dev
hermes-management
remote code execution
apache commons-jxpath
upgrade
security vulnerability
AI Score
6.6
Confidence
Low
Impact
hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath.
Patches
Upgrade Hermes to at least hermes-2.2.9
References
https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/
Related
cve
cve
CVE-2022-41852
2022-10-06 18:17:05
cvelist
cvelist
CVE-2022-41852
1976-01-01 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-10-12 10:01:17
nvd
nvd
CVE-2022-41852
2022-10-06 18:17:05
github
github
redhatcve
redhatcve
CVE-2022-41852
2022-10-19 12:17:59
debiancve
debiancve
CVE-2022-41852
2022-10-06 18:17:00
githubexploit
githubexploit
Exploit for CVE-2022-41852
2022-10-14 12:09:19
osv
osv
JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions
2022-10-06 18:52:05
Remote Code Execution (RCE) vulnerability in geoserver
2024-07-01 20:34:50
CVE-2024-36404
2024-07-02 14:15:13
ubuntucve
ubuntucve
attackerkb
attackerkb
CVE-2024-36401
2024-07-01 00:00:00
ibm
ibm
redhat
redhat