CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.

**\[CVE-2021-44140\] Apache JSPWiki Arbitrary file deletion on logout#**

**Severity**  
Critical

**Vendor**  
The Apache Software Foundation

**Versions Affected**  
Apache JSPWiki up to 2.11.0.M8

**Description**  
Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance.

**Mitigation**  
Apache JSPWiki users should upgrade to 2.11.0 or later.

**Credit**  
This issue was discovered by haby0 (forhaby0@gmail.com) from Duxiaoman Financial Security Team, who also proposed the fix for this issue.

CVE

Headline

CVE-2021-44140: JSPWiki: CVE-2021-44140

CVE: Latest News