CVE

CVE-2022-41852

admin

CVE-2022-41852

Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution.

Source: CVE-2022-41852

Exit mobile version