Description
The context.json endpoint of Apache Unomi is vulnerable to MVEL and OGNL expression injection. An attacker could exploit this vulnerability with a specially crafted expression to execute arbitrary code on the system.
Remediation
Upgrade to the latest version of Apache Unomi (>= 1.5.2).
Related Vulnerabilities
WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01)
Plone CMS Improper Input Validation Vulnerability (CVE-2015-7318)
WordPress Plugin CAC Featured Content TimThumb Arbitrary File Upload (0.8)
Squid Improper Input Validation Vulnerability (CVE-2015-3455)
Unauthenticated remote code execution vulnerability in Confluence Server and Data Center