#git

wix-embedded-mysql v4.6.2 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument.

jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.

PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.

stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument.

oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument.

FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument.

bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument.

university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument.

wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument.

jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.