Description
Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered.
Remediation
References
http://syncope.apache.org/security
Related Vulnerabilities
CVE-2021-21604 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-1003031 Vulnerability in maven package org.jenkins-ci.plugins:matrix-project
CVE-2021-44140 Vulnerability in maven package org.apache.jspwiki:jspwiki-main
CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-services
CVE-2017-8046 Vulnerability in maven package org.springframework.boot:spring-boot-starter-data-rest