org.apache.sling:org.apache.sling.jcr.base is vulnerable to Command Injection. The vulnerability exists in the getRepository
and getRepositoryFromURL
functions of RepositoryAccessor.java
because it allows a remote attacker to access data stored in a remote location via JDNI or RMI. An application is only affected by this vulnerability if running on JDK versions <= 1.8.191.
CPE | Name | Operator | Version |
---|---|---|---|
apache sling jcr base | le | 3.1.10 | |
apache sling jcr base | le | 3.1.10 |