Description
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
Remediation
References
https://lists.apache.org/thread/7ctchj24dofgsj9g1rg1245cms9myb34
Related Vulnerabilities
CVE-2021-27906 Vulnerability in maven package org.apache.pdfbox:pdfbox
CVE-2020-2244 Vulnerability in maven package org.jenkins-ci.plugins:build-failure-analyzer
CVE-2023-22602 Vulnerability in maven package org.apache.shiro:shiro-spring-boot-starter
CVE-2023-24977 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2019-10172 Vulnerability in maven package org.codehaus.jackson:jackson-mapper-asl