org.apache.sling:org.apache.sling.i18n@2.2.2 vulnerabilities

latest version

2.6.6

latest non vulnerable version

2.6.6

first published

14 years ago

latest version published

2 months ago

licenses detected

Apache-2.0
[2.0.2,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.sling:org.apache.sling.i18n package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Privilege Escalation Affected versions of this package are vulnerable to Privilege Escalation such that an attacker might trick someone by changing the text on a delete button to `Info`. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or dialog in the product. How to fix Privilege Escalation? Upgrade `org.apache.sling:org.apache.sling.i18n` to version 2.6.2 or higher.	[,2.6.2)

Privilege Escalation

Affected versions of this package are vulnerable to Privilege Escalation such that an attacker might trick someone by changing the text on a delete button to Info. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or dialog in the product.

How to fix Privilege Escalation?

Upgrade org.apache.sling:org.apache.sling.i18n to version 2.6.2 or higher.

[,2.6.2)

Go back to all versions of this package