Description
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
Remediation
References
https://lists.apache.org/thread/7ctchj24dofgsj9g1rg1245cms9myb34
Related Vulnerabilities
CVE-2023-29020 Vulnerability in npm package @fastify/passport
CVE-2023-34459 Vulnerability in npm package @openzeppelin/contracts
CVE-2021-29425 Vulnerability in maven package commons-io:commons-io
CVE-2021-23490 Vulnerability in npm package parse-link-header
CVE-2023-3431 Vulnerability in maven package net.sourceforge.plantuml:plantuml