CVE-2023-27866: Improper Control of Generation of Code ('Code Injection')

June 28, 2023 (updated July 6, 2023)

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511.

References

exchange.xforce.ibmcloud.com/vulnerabilities/249511
nvd.nist.gov/vuln/detail/CVE-2023-27866
www.ibm.com/support/pages/node/7007615

Detect and mitigate CVE-2023-27866 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →