Description
The context.json endpoint of Apache Unomi is vulnerable to MVEL and OGNL expression injection. An attacker could exploit this vulnerability using a specially crafted expression to execute arbitrary code on the system.
Remediation
Upgrade to the latest version of Apache Unomi (>= 1.5.2).