CVE-2018-1000129 Vulnerability in maven package org.jolokia:jolokia-core

Description

An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.

Remediation

References

https://access.redhat.com/errata/RHSA-2018:2669

https://access.redhat.com/errata/RHSA-2018:3817

https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad

https://jolokia.org/#Security_fixes_with_1.5.0

Related Vulnerabilities

CVE-2022-45685 Vulnerability in maven package org.codehaus.jettison:jettison

CVE-2019-9153 Vulnerability in npm package openpgp

CVE-2016-2510 Vulnerability in maven package org.beanshell:bsh

CVE-2020-6858 Vulnerability in maven package com.hotels.styx:styx-api

CVE-2020-27665 Vulnerability in npm package strapi-plugin-content-type-builder

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N