CVE-2021-22696
- EPSS 1.97%
- Veröffentlicht 02.04.2021 10:15:12
- Zuletzt bearbeitet 21.11.2024 05:50:28
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" par...
CVE-2020-17530
- EPSS 94.36%
- Veröffentlicht 11.12.2020 02:15:10
- Zuletzt bearbeitet 27.10.2025 17:37:20
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
CVE-2020-1971
- EPSS 0.34%
- Veröffentlicht 08.12.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 05:11:45
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...
CVE-2020-11971
- EPSS 9.7%
- Veröffentlicht 14.05.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 04:59:00
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.