Published: 17 Sep 2024
Source: github
GitHub: reviewed
CVSS4: 9.3
CVSS3: 9.8
Description
hermes-management is vulnerable to remote code execution (RCE) through its use of Apache commons-jxpath.
Impact
hermes-management is vulnerable to RCE when it passes user-controlled data to Apache commons-jxpath for evaluation: JXPath expressions can invoke arbitrary Java methods, so an attacker who controls the expression can execute code on the server.
Patches
Upgrade Hermes to at least hermes-2.2.9.
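The following is an added example, not code from Hermes or from the advisory: it shows the pattern the advisory describes (an XPath string taken from a caller and handed to JXPathContext) and how a benign-looking expression reaches arbitrary Java static methods, beside a defence-in-depth variant. It assumes commons-jxpath 1.3 on the classpath; the Message bean, the method names and the attacker input are constructed for illustration, and the hardened variant (clearing the default function library) is my own mitigation, not the page's fix, which is the upgrade to hermes-2.2.9.

```java
// Added example (not Hermes code): vulnerable vs. hardened use of commons-jxpath.
// Assumes org.apache.commons.jxpath 1.3 is on the classpath.
import org.apache.commons.jxpath.FunctionLibrary;
import org.apache.commons.jxpath.JXPathContext;
import org.apache.commons.jxpath.JXPathException;

public class JxPathRceDemo {

    /** Constructed sample bean standing in for whatever object a request is matched against. */
    public static class Message {
        private final String topic;
        public Message(String topic) { this.topic = topic; }
        public String getTopic() { return topic; }
    }

    /**
     * VULNERABLE: the XPath string comes straight from the caller. The default
     * JXPathContext function library contains PackageFunctions with an empty prefix,
     * so a "function" named java.lang.System.getProperty resolves to that static Java
     * method and is invoked. Runtime.exec is reachable the same way (CVE-2022-41852).
     */
    public static Object evaluateUntrustedXpath(Message bean, String userXpath) {
        JXPathContext ctx = JXPathContext.newContext(bean);
        return ctx.getValue(userXpath);
    }

    /**
     * HARDENED (defence in depth; an assumption of this example, not the advisory's fix):
     * replace the default function library with an empty FunctionLibrary so that no
     * Java class/package extension functions can be resolved. Plain bean-path
     * expressions such as "topic" keep working; function calls fail with a JXPathException.
     */
    public static Object evaluateWithoutExtensionFunctions(Message bean, String userXpath) {
        JXPathContext ctx = JXPathContext.newContext(bean);
        ctx.setFunctions(new FunctionLibrary());
        return ctx.getValue(userXpath);
    }

    public static void main(String[] args) {
        Message m = new Message("orders");
        // Constructed attacker input: instead of walking the bean it calls a static Java
        // method. A real attacker would substitute java.lang.Runtime / ProcessBuilder calls.
        String attackerXpath = "java.lang.System.getProperty('user.home')";

        System.out.println("benign path   : " + evaluateUntrustedXpath(m, "topic"));
        System.out.println("vulnerable    : " + evaluateUntrustedXpath(m, attackerXpath));
        try {
            evaluateWithoutExtensionFunctions(m, attackerXpath);
            System.out.println("hardened      : UNEXPECTED, call went through");
        } catch (JXPathException e) {
            System.out.println("hardened      : rejected (" + e.getClass().getSimpleName() + ")");
        }
        System.out.println("hardened path : " + evaluateWithoutExtensionFunctions(m, "topic"));
    }
}
```

Clearing the function library only removes the extension-function path; the real fix is to stop evaluating attacker-controlled XPath at all, which is what the Hermes upgrade addresses, and to treat any remaining JXPath evaluation of external input as a code-execution sink during review.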
References
https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/
Packages
Name: pl.allegro.tech.hermes:hermes-management
Ecosystem: maven
Affected versions    Fixed version
< 2.2.9              2.2.9
Severity
CVSS4: 9.3 Critical
CVSS3: 9.8 Critical
Defects
CWE-1395 (Dependency on Vulnerable Third-Party Component)