Description
A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server.
Remediation
References
https://jolokia.org/#Security_fixes_with_1.5.0
https://access.redhat.com/errata/RHSA-2018:2669
Related Vulnerabilities
CVE-2022-45394 Vulnerability in maven package org.jenkins-ci.plugins:delete-log-plugin
CVE-2021-39168 Vulnerability in npm package @openzeppelin/contracts-upgradeable
CVE-2022-3782 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2023-26136 Vulnerability in maven package org.webjars.bowergithub.salesforce:tough-cookie
CVE-2020-6506 Vulnerability in maven package org.webjars.npm:react-native-webview