漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Sandboxing in Google Apigee's JavaCallout Policy Allows for Remote Code Execution
Vulnerability Description
A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute arbitrary Java code and system commands at runtime, leading to unauthorized access to data, lateral movement within the network, and access to backend systems. The Apigee hybrid versions below have all been updated to protect from this vulnerability: * Hybrid_1.11.2+ * Hybrid_1.12.4+ * Hybrid_1.13.3+ * Hybrid_1.14.1+ * OPDK_5202+ * OPDK_5300+
CVSS Information
N/A
Vulnerability Type
动态管理代码资源的控制不恰当
Vulnerability Title
Google Apigee hybrid Javacallout policy 安全漏洞
Vulnerability Description
Google Apigee hybrid Javacallout policy是美国谷歌(Google)公司的一个下一代API管理平台。 Google Apigee hybrid Javacallout policy存在安全漏洞,该漏洞源于JavaCallout策略允许注入恶意对象,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A