CISA Known Exploited Java Vulnerabilities (KEV entries mapped to the affected Maven package coordinates, groupId:artifactId)
{
"data": {
"vulnerability_cisa_known_exploited": [
{
"vulnerability_name": "Apache Struts Multiple Versions Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.struts:struts2-rest-plugin"
}
}
],
"summary": "REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Shiro 1.2.4 Cookie RememberME Deserial Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.shiro:shiro-core"
}
}
],
"summary": "Improper Access Control in Apache Shiro"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Solr 5.0.0-8.3.1 Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.solr:solr-core"
}
}
],
"summary": "Improper Input Validation in Apache Solr"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Struts Forced OGNL Double Evaluation Remote Code Execution",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.struts:struts2-core"
}
}
],
"summary": "Remote code execution in Apache Struts"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Struts Jakarta Multipart parser exception handling vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.struts:struts2-core"
}
}
],
"summary": "Apache Struts vulnerable to remote arbitrary command execution due to improper input validation"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.struts:struts2-core"
}
}
],
"summary": "Apache Struts vulnerable to remote command execution (RCE) due to improper input validation"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Liferay Portal prior to 7.2.1 CE GA2 Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "com.liferay.portal:com.liferay.portal-kernel"
}
}
],
"summary": "Deserialization of Untrusted Data in Liferay Portal"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Nexus Repository Manager 3 Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.sonatype.nexus:nexus-extdirect"
}
}
],
"summary": "Nexus Repository Manager 3 - Remote Code Execution"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Solr DataImportHandler Code Injection Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.solr:solr-core"
}
}
],
"summary": "XML External Entity (XXE) Injection in Apache Solr"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Log4j2 Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.logging.log4j:log4j-core"
}
}
],
"summary": "Remote code injection in Log4j"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Primetek Primefaces Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.primefaces:primefaces"
}
}
],
"summary": "Inadequate Encryption Strength"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Struts 1 ActionForm Denial-of-Service Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "struts:struts"
}
}
],
"summary": "Improper Input Validation in Apache Struts"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.jenkins-ci.main:jenkins-core"
}
}
],
"summary": "Deserialization of Untrusted Data in Jenkins"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Struts 1 Improper Input Validation Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.struts:struts2-struts1-plugin"
}
}
],
"summary": "Code execution in Apache Struts 1 plugin"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache ActiveMQ Improper Input Validation Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.activemq:activemq-client"
}
}
],
"summary": "Improper Input Validation in Apache ActiveMQ"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Tomcat Improper Privilege Management Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.tomcat.embed:tomcat-embed-core"
}
}
],
"summary": "Improper Privilege Management in Tomcat"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.springframework.cloud:spring-cloud-config-server"
}
}
],
"summary": "Directory traversal attack in Spring Cloud Config"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Kylin OS Command Injection Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.kylin:kylin-core-common"
}
}
],
"summary": "Command Injection in Kylin"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Jenkins Matrix Project Plugin Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.jenkins-ci.plugins.workflow:workflow-cps"
}
}
],
"summary": "Sandbox bypass in Jenkins Pipeline: Groovy Plugin"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "VMware Tanzu Spring Data Commons Property Binder Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.springframework.data:spring-data-commons"
}
}
],
"summary": "Spring Data Commons remote code injection vulnerability"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Tomcat Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.tomcat:tomcat"
}
}
],
"summary": "Unrestricted Upload of File with Dangerous Type Apache Tomcat"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Tomcat on Windows Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.tomcat.embed:tomcat-embed-core"
}
}
],
"summary": "When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.elasticsearch:elasticsearch"
}
}
],
"summary": "Improper Access Control in Elasticsearch"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Apache Struts Improper Input Validation Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.apache.struts:struts2-core"
}
}
],
"summary": "Code injection in Apache Struts"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Spring Framework JDK 9+ Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.springframework.boot:spring-boot-starter-web"
}
},
{
"package": {
"name": "org.springframework:spring-webflux"
}
},
{
"package": {
"name": "org.springframework:spring-webmvc"
}
},
{
"package": {
"name": "org.springframework.boot:spring-boot-starter-webflux"
}
},
{
"package": {
"name": "org.springframework:spring-beans"
}
}
],
"summary": "Remote Code Execution in Spring Framework"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "Jenkins Script Security Plugin Sandbox Bypass Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.jenkins-ci.plugins:script-security"
}
}
],
"summary": "Sandbox bypass in Script Security Plugin"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "VMware Spring Cloud Gateway Code Injection Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.springframework.cloud:spring-cloud-gateway"
}
}
],
"summary": "Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
},
{
"vulnerability_name": "VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability",
"vulnerability": [
{
"equivalents": [
{
"equivalent_vulnerability": {
"affected": [
{
"package": {
"name": "org.springframework.cloud:spring-cloud-function-context"
}
}
],
"summary": "Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression"
}
}
],
"equivalents_aggregate": {
"aggregate": {
"count": 1
}
}
}
]
}
]
}
}