Description
Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered.
Remediation
References
http://syncope.apache.org/security
Related Vulnerabilities
CVE-2022-43421 Vulnerability in maven package org.jenkins-ci.plugins:tuleap-git-branch-source
CVE-2017-7545 Vulnerability in maven package org.jbpm:jbpm-designer-backend
CVE-2018-8032 Vulnerability in maven package org.apache.axis:axis
CVE-2023-4759 Vulnerability in maven package org.eclipse.jgit:org.eclipse.jgit
CVE-2023-25499 Vulnerability in maven package com.vaadin:flow-server