Arbitrary Code Execution Affecting org.apache.syncope:syncope-core package, versions [1.0.0,1.0.9) [1.1.0,1.1.7)
6 Jun 2014
17 Apr 2014
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
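
To check a deployed `syncope-core` version against the affected ranges listed above, the following added example (not part of the advisory or of Apache Syncope) parses the interval notation and tests a version string. It assumes plain dotted numeric versions with an optional `-qualifier`, and it deliberately counts a qualified build of the first fixed version as affected.

```python
import re

# Affected ranges exactly as listed in the advisory (Maven interval notation).
AFFECTED = "[1.0.0,1.0.9) [1.1.0,1.1.7)"

_INTERVAL = re.compile(r"([\[(])\s*([^,\s\])]*)\s*,\s*([^,\s\])]*)\s*([\])])")
_VERSION = re.compile(r"(\d+(?:\.\d+)*)(?:-(.+))?")


def parse_version(text):
    """Return (numeric tuple padded to 3 parts, qualifier or None)."""
    m = _VERSION.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    return nums + (0,) * (3 - len(nums)), m.group(2)


def parse_ranges(spec):
    """Parse intervals into (low, low_inclusive, high, high_inclusive)."""
    found = _INTERVAL.findall(spec)
    if not found:
        raise ValueError(f"no interval found in {spec!r}")
    return [
        (parse_version(lo)[0] if lo else None, ob == "[",
         parse_version(hi)[0] if hi else None, cb == "]")
        for ob, lo, hi, cb in found
    ]


def is_affected(version, spec=AFFECTED):
    """True if version lies inside any listed interval."""
    nums, qualifier = parse_version(version)
    for low, low_inc, high, high_inc in parse_ranges(spec):
        above = low is None or nums > low or (nums == low and low_inc)
        # Assumption: a qualified build of the boundary version (e.g. -SNAPSHOT)
        # predates that release, so it is still counted as inside the range.
        below = high is None or nums < high or (
            nums == high and (high_inc or qualifier is not None))
        if above and below:
            return True
    return False


if __name__ == "__main__":
    for v in ("1.0.8", "1.0.9", "1.1.6", "1.1.7", "1.1.7-SNAPSHOT", "1.2.0"):
        print(v, "affected" if is_affected(v) else "not in affected ranges")
```

Full Maven version ordering has more qualifier rules than this handles, so treat the result for unusual version strings as a prompt to check manually.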