Description

Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.

Remediation

References

https://lists.apache.org/thread/7ctchj24dofgsj9g1rg1245cms9myb34

Related Vulnerabilities

CVE-2021-27906 Vulnerability in maven package org.apache.pdfbox:pdfbox

CVE-2020-2244 Vulnerability in maven package org.jenkins-ci.plugins:build-failure-analyzer

CVE-2023-22602 Vulnerability in maven package org.apache.shiro:shiro-spring-boot-starter

CVE-2023-24977 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2019-10172 Vulnerability in maven package org.codehaus.jackson:jackson-mapper-asl

Severity

Critical

Classification

CWE-77 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Patch Vendor Advisory