Lucene search
Veracode Vulnerability DatabaseVERACODE:39277HistoryFeb 15, 2023 - 6:55 a.m.
Command Injection
2023-02-1506:55:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
23
command injection
apache sling
repositoryaccessor
0.001 Low
EPSS
Percentile
38.4%
org.apache.sling:org.apache.sling.jcr.base is vulnerable to Command Injection. The vulnerability exists in the getRepository and getRepositoryFromURL functions of RepositoryAccessor.java because it allows a remote attacker to access data stored in a remote location via JDNI or RMI. An application is only affected by this vulnerability if running on JDK versions <= 1.8.191.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache sling jcr base | le | 3.1.10 | |
| apache sling jcr base | le | 3.1.10 |
Related
osv
osv
Command injection in Apache Sling
2023-02-14 15:30:28
github
github
Command injection in Apache Sling
2023-02-14 15:30:28
cvelist
cvelist
CVE-2023-25141 JNDI injection into Apache sling-org-apache-sling-jcr-base
2023-02-14 12:12:21
cnvd
cnvd
Apache Sling JNDI Injection Vulnerability
2023-02-17 00:00:00
prion
prion
Design/Logic Flaw
2023-02-14 13:15:00
nvd
nvd
CVE-2023-25141
2023-02-14 13:15:12
cve
cve
CVE-2023-25141
2023-02-14 13:15:12