Description
A context.json endpoint of Apache Unomi is vulnerable to MVEL and OGNL expression injection. An attacker could exploit this vulnerability using a specially-crafted expression to execute arbitrary code on the system.
Remediation
Upgrade to the latest version of Apache Unomi (=> 1.5.2)
References
Related Vulnerabilities
WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2)
WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2)
Vanilla Forums Improper Input Validation Vulnerability (CVE-2011-0908)
WordPress Improper Input Validation Vulnerability (CVE-2008-5695)