AI Score
Confidence
Low
hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath.
Upgrade Hermes to at least hermes-2.2.9
https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/
github.com/allegro/hermes
github.com/allegro/hermes/commit/72ecc5aa41e37fd614443dd35d9200b66a61afb1
github.com/allegro/hermes/security/advisories/GHSA-2gh6-wc3m-g37f
hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852