WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-44140 Vulnerability in maven package org.apache.jspwiki:jspwiki-main

Description

Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.

Remediation

References

https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-44140

https://lists.apache.org/thread/5qglpjdhvobppx7j550lf1sk28f6011t

Related Vulnerabilities

CVE-2023-37965 Vulnerability in maven package org.jenkins-ci.plugins:elasticbox

CVE-2019-17554 Vulnerability in maven package org.apache.olingo:odata-server-api

CVE-2017-7661 Vulnerability in maven package org.apache.cxf.fediz:fediz-oidc

CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_native0.4_2.13

CVE-2012-6662 Vulnerability in maven package org.fujion.webjars:jquery-ui

Severity

Critical

Classification

CWE-276 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Tags

Vendor Advisory Mailing List