Description
Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered.
Remediation
References
http://syncope.apache.org/security
Related Vulnerabilities
CVE-2021-41084 Vulnerability in maven package org.http4s:http4s-server_3
CVE-2017-1000242 Vulnerability in maven package org.jenkins-ci.plugins:git-client
CVE-2022-40764 Vulnerability in npm package snyk
CVE-2023-24998 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2019-1003067 Vulnerability in maven package org.jenkins-ci.plugins:trac-publisher-plugin