CVE-2022-40145: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
This vulnerability concerns a potential code injection in Apache Karaf when an attacker controls the LDAP server that the JDBC JNDI URL points to: a JNDI lookup of an attacker-supplied name can be redirected to a hostile LDAP server, which then returns a reference or serialized object that the JVM resolves and executes. The fix is in the Karaf commits linked below (KARAF-7568).
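The following is an added illustration of the vulnerable pattern and one way to guard against it; it is not Karaf's code and not the fix shipped in the linked commits. It assumes a hypothetical service that receives a JNDI name from a user and resolves it with `InitialContext.lookup`; the `JndiNameGuard` class, its method names and the sample names are all constructed for this example. The hardened path rejects names whose scheme resolves through a remote naming service (ldap, rmi, and similar) and only accepts names in the local `java:` or `osgi:` namespaces.

```java
import java.util.Locale;
import java.util.Set;
import javax.naming.InitialContext;
import javax.naming.NamingException;

/** Added example (Java 11+): guarding a JNDI lookup whose name comes from a user. */
public class JndiNameGuard {

    // Schemes that are resolved by contacting a naming service the caller names.
    // A name in any of these can point the JVM at an attacker-controlled server.
    private static final Set<String> REMOTE_SCHEMES =
            Set.of("ldap", "ldaps", "rmi", "iiop", "iiopname", "corbaname", "dns", "nis");

    // Namespaces that are resolved inside this JVM / OSGi framework.
    private static final Set<String> LOCAL_SCHEMES = Set.of("java", "osgi");

    /** Vulnerable pattern: the caller-supplied name is handed straight to JNDI. */
    static Object lookupUnchecked(String jndiName) throws NamingException {
        return new InitialContext().lookup(jndiName); // "ldap://attacker/x" is accepted here
    }

    /** Hardened pattern: refuse anything that is not a local namespace name. */
    static Object lookupChecked(String jndiName) throws NamingException {
        validate(jndiName);
        return new InitialContext().lookup(jndiName);
    }

    /** Throws IllegalArgumentException if the name could reach a remote naming service. */
    static void validate(String jndiName) {
        if (jndiName == null || jndiName.isBlank()) {
            throw new IllegalArgumentException("empty JNDI name");
        }
        // URL form "scheme://host/..." always means a remote provider; reject outright.
        if (jndiName.contains("//")) {
            throw new IllegalArgumentException("URL-form JNDI name not allowed: " + jndiName);
        }
        int colon = jndiName.indexOf(':');
        String scheme = colon > 0 ? jndiName.substring(0, colon).toLowerCase(Locale.ROOT) : "";
        if (REMOTE_SCHEMES.contains(scheme)) {
            throw new IllegalArgumentException("remote JNDI scheme not allowed: " + scheme);
        }
        // Anything with an explicit scheme must be one we know resolves locally.
        if (!scheme.isEmpty() && !LOCAL_SCHEMES.contains(scheme)) {
            throw new IllegalArgumentException("unknown JNDI scheme: " + scheme);
        }
    }

    /** Returns true if validate() accepts the name, false if it rejects it. */
    static boolean isAllowed(String jndiName) {
        try {
            validate(jndiName);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample names: the first two are typical local datasource names,
        // the rest are the shapes an attacker would supply.
        String[] samples = {
            "java:comp/env/jdbc/mydb",
            "osgi:service/javax.sql.DataSource/(osgi.jndi.service.name=mydb)",
            "ldap://attacker.example:1389/Exploit",
            "LDAP://attacker.example:1389/Exploit",
            "rmi://attacker.example:1099/Exploit",
            "jdbc/mydb",
        };
        for (String name : samples) {
            System.out.println((isAllowed(name) ? "allow  " : "reject ") + name);
        }
    }
}
```

Two caveats a practitioner should keep in mind. First, since JDK 8u191 the default `com.sun.jndi.ldap.object.trustURLCodebase=false` stops the classic remote-class-loading variant, but an attacker-controlled LDAP server can still return a serialized Java object (`javaSerializedData`) that the client deserializes, so a gadget chain on the classpath remains exploitable; the name check above is the control that actually removes the attacker's reach. Second, a deny-list of schemes is weaker than the allow-list applied last in `validate`; keep the allow-list, and treat the deny-list only as a clearer error message.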
References
- gitbox.apache.org/repos/asf?p=karaf.git;h=2a933445d1
- gitbox.apache.org/repos/asf?p=karaf.git;h=3819f48341
- github.com/advisories/GHSA-c2p4-8mvv-rwmv
- github.com/apache/karaf/pull/1632
- issues.apache.org/jira/browse/KARAF-7568
- karaf.apache.org/security/cve-2022-40145.txt
- nvd.nist.gov/vuln/detail/CVE-2022-40145