Description
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
Remediation
References
https://lists.apache.org/thread/7ctchj24dofgsj9g1rg1245cms9myb34
Related Vulnerabilities
CVE-2010-5312 Vulnerability in npm package jquery-ui
CVE-2023-50778 Vulnerability in maven package com.cloudtp.jenkins:paaslane-estimate
CVE-2021-21304 Vulnerability in npm package dynamoose
CVE-2022-41704 Vulnerability in maven package org.apache.xmlgraphics:batik-bridge
CVE-2023-26487 Vulnerability in maven package org.webjars.bowergithub.vega:vega