CVE-2012-1826: dotCMS allows remote authenticated users to execute arbitrary Java code
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template.
References
- github.com/advisories/GHSA-42vg-q6mw-cfh5
- github.com/dotCMS/dotCMS
- github.com/dotCMS/dotCMS/issues/261
- github.com/dotCMS/dotCMS/issues/281
- nvd.nist.gov/vuln/detail/CVE-2012-1826
- web.archive.org/web/20201208044614/https://gist.github.com/jtesser/2627440
- web.archive.org/web/20210124000108/https://www.securityfocus.com/bid/53688