Lucene search
PRIOn knowledge basePRION:CVE-2023-25141HistoryFeb 14, 2023 - 1:15 p.m.
Design/Logic Flaw
2023-02-1413:15:00
PRIOn knowledge base
www.prio-n.com
3
apache sling jcr base
injection vulnerability
jdk 1.8.191
upgrade
remote location access
Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a remote location via JDNI and RMI. Users of Apache Sling JCR Base are recommended to upgrade to Apache Sling JCR Base 3.1.12 or later, or to run on a more recent JDK.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sling_jcr_base | ge | 2.0.6 | |
| sling_jcr_base | lt | 3.1.12 |
References
Related
osv
osv
Command injection in Apache Sling
2023-02-14 15:30:28
cvelist
cvelist
CVE-2023-25141 JNDI injection into Apache sling-org-apache-sling-jcr-base
2023-02-14 12:12:21
github
github
Command injection in Apache Sling
2023-02-14 15:30:28
veracode
veracode
Command Injection
2023-02-15 06:55:50
cnvd
cnvd
Apache Sling JNDI Injection Vulnerability
2023-02-17 00:00:00
nvd
nvd
CVE-2023-25141
2023-02-14 13:15:12
cve
cve
CVE-2023-25141
2023-02-14 13:15:12