Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Netflix Titus 注入漏洞
Vulnerability Description
Netflix Titus是美国Netflix公司的一个容器管理平台,可提供可扩展且可靠的容器执行以及与 Amazon AWS 的云原生集成。 Netflix Titus v0.1.1-rc.274之前版本中存在注入漏洞。攻击者可通过向错误信息模板中注入任意数据利用该漏洞执行任意的Java代码。
CVSS Information
N/A
Vulnerability Type
N/A