CVE-2014-0111

EPSS 1.4%

Apache Syncope JEXL Code Injection

Published: 5/14/2022Modified: 11/29/2024

Description

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."

Affected packages (1)

Maven/org.apache.syncope:syncope>= 1.0.0, < 1.0.9

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-0111
WEBhttp://mail-archives.us.apache.org/mod_mbox/www-announce/201404.mbox/%[email protected]%3E
WEBhttps://web.archive.org/web/20201208163011/http://www.securityfocus.com/archive/1/531841/100/0/threaded
WEBhttp://syncope.apache.org/security.html