Skip to main content

Unomi

3 CVEs product

Monthly

CVE-2021-31164 Maven HIGH PATCH This Week

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Unomi
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-13942 Maven CRITICAL POC PATCH THREAT Act Now

It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Code Injection Unomi
NVD
CVSS 3.1
9.8
EPSS
68.4%
CVE-2020-11975 Maven CRITICAL POC PATCH THREAT Act Now

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Java Information Disclosure Unomi
NVD
CVSS 3.1
9.8
EPSS
29.9%
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Unomi
NVD
EPSS 68% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Code Injection Unomi
NVD
EPSS 30% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Java Information Disclosure +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy