CVE-2023-25141 JNDI injection into Apache sling-org-apache-sling-jcr-base

2023-02-15 Thread Turritopsis Dohrnii Teo En Ming
Subject: CVE-2023-25141 JNDI injection into Apache sling-org-apache-sling-jcr-base
Good day from Singapore,
Just sharing this CVE.
CVE: CVE-2023-25141 JNDI injection into Apache sling-org-apache-sling-jcr-base
Link: https://www.cve.org/CVERecord?id=CVE-2023-25141
Thank you.
Regards, Mr

CVE-2023-25141: JNDI injection into Apache sling-org-apache-sling-jcr-base

2023-02-14 Thread Angela Schreiber
Severity: critical
Description: Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access d