Description
Apache Unomi allows conditions to use OGNL scripting, which makes it possible to call static Java classes from the JDK that could execute code with the permission level of the running Java process.
Remediation
References
http://unomi.apache.org/security/cve-2020-11975.txt
https://lists.apache.org/thread.html/r01021bc4b25c1e98812efca0b07f0e078a6281bd52f7c3817a429d95%40%3Ccommits.unomi.apache.org%3E
https://lists.apache.org/thread.html/r79672c25e0ef9bb4b9148376281200a8e61c6d5ef5bb705e9a363460%40%3Ccommits.unomi.apache.org%3E