org.apache.openjpa:openjpa@1.2.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.openjpa:openjpa package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Arbitrary Code Execution

org.apache.openjpa:openjpa The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

[1.0.0,1.2.3) [2.0.0,2.2.2)