CVE-2022-41852

Опубликовано: 06 окт. 2022

Источник: redhat

CVSS3: 9.8

Описание

A flaw was found in the Apache Commons JXPath package. This flaw allows an attacker to use the interpreter to execute untrusted expressions and a remote code attack.

Затронутые пакеты

Платформа	Пакет	Состояние
Migration Toolkit for Runtimes	JXPath	Affected
Red Hat Decision Manager 7	JXPath	Not affected
Red Hat Enterprise Linux 7	apache-commons-jxpath	Affected
Red Hat Fuse 7	JXPath	Will not fix
Red Hat Integration Camel K 1	JXPath	Not affected
Red Hat Integration Camel Quarkus 1	JXPath	Not affected
Red Hat JBoss Data Grid 7	JXPath	Out of support scope
Red Hat JBoss Data Virtualization 6	JXPath	Out of support scope
Red Hat JBoss Enterprise Application Platform 7	commons-jxpath	Not affected
Red Hat JBoss Enterprise Application Platform Expansion Pack	commons-jxpath	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-470

https://bugzilla.redhat.com/show_bug.cgi?id=2136128JXPath: untrusted XPath expressions may lead to RCE attack

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2022-41852

ubuntu

больше 3 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2022-41852

nvd

больше 3 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

GHSA-wrx5-rp7m-mm49

CVSS3: 9.8

github

больше 3 лет назад

Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions

BDU:2022-06227

CVSS3: 9.8

fstec

больше 3 лет назад

Уязвимость функций класса JXPathContext (кроме compile и compilePath) библиотеки обработки объектных запросов JXPath, позволяющая нарушителю выполнить произвольный код

9.8 Critical

CVSS3