Description

ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).

Remediation

References

https://github.com/ff4j/ff4j/issues/624

Related Vulnerabilities

CVE-2021-25646 Vulnerability in maven package org.apache.druid:druid-core

CVE-2021-44228 Vulnerability in maven package org.apache.logging.log4j:log4j-core

CVE-2020-26870 Vulnerability in npm package dompurify

CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-common-utilities

CVE-2023-22621 Vulnerability in npm package @strapi/plugin-users-permissions

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Third Party Advisory NVD-CWE-noinfo