CVE-2024-23673 – Apache Sling Servlets Resolver: Malicious code execution via path traversal
https://notcve.org/view.php?id=CVE-2024-23673
Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver into loading a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not. • http://www.openwall.com/lists/oss-security/2024/02/06/1 https://lists.apache.org/thread/5zzx8ztwc6tmbwlw80m2pbrp3913l2kl • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-47937 – Multiple parsing problems in the Apache Sling Commons JSON module
https://notcve.org/view.php?id=CVE-2022-47937
Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to consider the Apache Sling Commons Johnzon OSGi bundle provided by the Apache Sling project, but may of course use other JSON libraries. • https://github.com/apache/sling-org-apache-sling-commons-johnzon https://issues.apache.org/jira/browse/SLING-6536 https://lists.apache.org/thread/sws7z50x47gv0c38q4kx6ktqrvrrg1pm https://www.openwall.com/lists/oss-security/2023/05/15/2 • CWE-20: Improper Input Validation •
CVE-2022-45064 – Apache Sling Engine: Include-based XSS
https://notcve.org/view.php?id=CVE-2022-45064
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API, resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker who is able to include a resource with a specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power. Please update to Apache Sling Engine >= 2.14.0 and enable the "Check Content-Type overrides" configuration option. • http://www.openwall.com/lists/oss-security/2023/04/18/6 https://lists.apache.org/thread/hhp611hltby3whk03vx2mv7cmy3vs0ok • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-26513 – Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS
https://notcve.org/view.php?id=CVE-2023-26513
Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2. • https://lists.apache.org/thread/xpcpo1y88ldss5hgmvogsf6h3735l5zb • CWE-834: Excessive Iteration •
CVE-2023-25621 – Apache Sling does not allow to handle i18n content in a secure way
https://notcve.org/view.php?id=CVE-2023-25621
Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to change any text or dialog in the product. For example, an attacker might fool someone by changing the text on a delete button to "Info". This issue affects the i18n module of Apache Sling up to version 2.5.18. Version 2.6.2 and higher limit i18n dictionaries by default to certain paths in the repository (/libs and /apps). Users of the module are advised to update to version 2.6.2 or higher, check the configuration for resource loading and then adjust the access permissions for the configured path accordingly. • https://sling.apache.org/news.html •