GHSA-2gh6-wc3m-g37f: hermes-management is vulnerable to RCE due to Apache commons-jxpath

September 17, 2024

hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath.

References

github.com/advisories/GHSA-2gh6-wc3m-g37f
github.com/allegro/hermes
github.com/allegro/hermes/commit/72ecc5aa41e37fd614443dd35d9200b66a61afb1
github.com/allegro/hermes/security/advisories/GHSA-2gh6-wc3m-g37f
hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852

Code Behaviors & Features

Detect and mitigate GHSA-2gh6-wc3m-g37f with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →