GLPI stands for Gestionnaire Libre de Parc Informatique. This issue was addressed by restricting allowed classes when deserializing user-controlled data. The url parameter of the /api/geojson endpoint in Metabase versions = 5.0.1. An attacker would need credentials to exploit this vulnerability. As a result, an attacker can get access to system logs. That can lead to prediction of the generated URL. The command that creates the URL for the support bundle uses an insecure RNG. A flaw was found in the Web Service, which could lead to local information disclosure. Apache Jena TDB 2. An issue was discovered in Object First 1.0.7.712. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. The MySQL JDBC driver in particular is known to be vulnerable to this class of attack. ** UNSUPPORTED WHEN ASSIGNED ** Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data.