CVE-2022-45381 Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier doesn't restrict the set of enabled prefix interpolators and bundles and allows attackers to download and execute arbitrary code.
Note that this issue does not affect Jenkins installations that have explicitly disabled the 'file:' prefix interpolator, or installations that have disabled the
CVE-2022-45402 In Airflow versions prior to 2.4.3, there was an open redirect in the webserver's /login endpoint.
This allowed an attacker to hijack an Airflow user's session by redirecting to a malicious site, then using `airflow login` to sign in
CVE-2022-42131 Liferay products are affected by SSL certificate validation in the Dynamic Data Mapping module's REST data providers.
This issue was resolved in Liferay version 7.5. Bug: When you enable a REST data provider in a Dynamic Data Map, the validation of
CVE-2022-42121 SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA. It can allow remote attackers to execute arbitrary SQL commands.
CVE-2019-1841 was confirmed to exist in Liferay. When exploited, the issue allows unauthenticated attackers to execute arbitrary SQL commands in the SQL database, obtain access
CVE-2022-42119 Certain Liferay products are vulnerable to Cross-Site Scripting (XSS) via the Commerce module.
In some cases, malicious users can inject malicious scripts into the system through the Commerce REST API. An attacker can exploit this by injecting a