Description
oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component `com.opensymphony.util.EJBUtils.createStateless`. The vulnerability is exploited by passing an unchecked argument.
Remediation
References
https://github.com/LetianYuan/My-CVE-Public-References/tree/main/opensymphony_oscore