Description
Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init.
Remediation
References
https://github.com/larsga/Duke/issues/273
Related Vulnerabilities
CVE-2021-23337 Vulnerability in npm package lodash.template
CVE-2022-25927 Vulnerability in maven package org.webjars.bowergithub.faisalman:ua-parser-js
CVE-2017-5858 Vulnerability in npm package converse.js
CVE-2021-21361 Vulnerability in maven package com.bmuschko:gradle-vagrant-plugin
CVE-2019-10352 Vulnerability in maven package org.jenkins-ci.main:jenkins-core