admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-04-13 21:01:40 +00:00
parent 0413c851ca
commit bb91dacfcd
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2022/24xxx/CVE-2022-24818.json
View File

@ -41,7 +41,7 @@
"description_data": [
{
"lang": "eng",
"value": "GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case, the vulnerability can be triggered if the JNDI names are user-provided, but requires admin-level login to be triggered. The lookups are now restricted in GeoTools 26.4, GeoTools 25.6, and GeoTools 24.6. Users unable to upgrade should ensure that any downstream application should not allow usage of remotely provided JNDI strings.\n"
"value": "GeoTools is an open source Java library that provides tools for geospatial data. The GeoTools library has a number of data sources that can perform unchecked JNDI lookups, which in turn can be used to perform class deserialization and result in arbitrary code execution. Similar to the Log4J case, the vulnerability can be triggered if the JNDI names are user-provided, but requires admin-level login to be triggered. The lookups are now restricted in GeoTools 26.4, GeoTools 25.6, and GeoTools 24.6. Users unable to upgrade should ensure that any downstream application should not allow usage of remotely provided JNDI strings."
}
]
},

5
2022/27xxx/CVE-2022-27479.json
View File

@ -69,6 +69,11 @@
"refsource": "MISC",
"url": "https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y",
"name": "https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20220413 CVE-2022-27479: Apache Superset: SQL injection vulnerability in chart data API",
"url": "http://www.openwall.com/lists/oss-security/2022/04/13/3"
}
]
},