Vulnerability CVE-2022-41852
Published: 2022-10-06
Description:
Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions that process an XPath string are vulnerable, except the compile() and compilePath() functions. An attacker can use the XPath expression to load any Java class from the classpath, resulting in code execution.
References:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133
Copyright 2024, cxsecurity.com