Описание
Command injection in nevado-jms
Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data.
Пакеты
Наименование
org.skyscreamer:nevado-jms
maven
Затронутые версииВерсия исправления
<= 1.3.2
Отсутствует
Связанные уязвимости
CVSS3: 7.8
nvd
больше 2 лет назад
Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data.