Description
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
Remediation
References
https://lists.apache.org/thread/7ctchj24dofgsj9g1rg1245cms9myb34
Related Vulnerabilities
CVE-2018-1336 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-41080 Vulnerability in maven package org.apache.tomcat:tomcat
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-beam-sql
CVE-2024-36401 Vulnerability in maven package org.geoserver:gs-wfs