CVE-2014-0111
EPSS 1.4%
Apache Syncope JEXL Code Injection
Published: 2022/5/14
Modified: 2024/11/29
Description
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
Affected packages (1)
- Maven/org.apache.syncope:syncope >= 1.0.0, < 1.0.9